CVE-2017-2902

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description The issue is related to an integer overflow in the DPX loading functionality, which can lead to a buffer overflow. This can be exploited by using a specially crafted '.cin' file, potentially allowing an attacker to execute arbitrary code under the context of the application. An attacker can trigger this issue by convincing a user to use the malicious file as an asset via the sequencer.

Recommendations For version 2.78c, consider avoiding the use of specially crafted '.cin' files until a patch is available. As a temporary workaround, restrict the use of the DPX loading functionality to minimize the risk of exploitation.