CVE-2017-2908

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description An integer overflow exists in the thumbnail functionality of the Blender open-source 3D creation suite. A specially crafted .blend file can cause an integer overflow, resulting in a buffer overflow, which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.

Recommendations For Blender version 2.78c, as a temporary workaround, consider disabling the thumbnail rendering functionality in the File->Open dialog until a patch is available. Restrict access to potentially malicious .blend files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.