PT-2018-3107 · Blender Foundation+1 · Blender+1

Published: 2018-04-24 · Updated: 2023-02-02 · CVE-2017-12082

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Blender (affected versions not specified)

Description

The issue is caused by an integer overflow in the 'CustomData' Mesh loading functionality. This can be exploited by a specially crafted .blend file with an external data file, leading to a buffer overflow and potentially allowing code execution under the context of the application. An attacker can trigger this issue by convincing a user to edit an object within a .blend library in their Scene.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1696
BDU:2019-04048
CVE-2017-12082
DLA-1465-1
DSA-4248-1
MGASA-2018-0332

Affected Products

Alt Linux
Blender