CVE-2017-12105

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description An integer overflow exists in the way Blender applies a particular object modifier to a Mesh, which can be exploited by a specially crafted .blend file. This can cause a buffer overflow, allowing for code execution under the context of the application. An attacker can trigger this issue by convincing a user to open the malicious file or use it as a library.

Recommendations For Blender version 2.78c, consider avoiding the use of specially crafted .blend files until a patch is available. As a temporary workaround, restrict the use of the Mesh object modifier to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.