CVE-2017-2904

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description An integer overflow exists in the RADIANCE loading functionality, which can be exploited using a specially crafted '.hdr' file. This can cause a buffer overflow, allowing for code execution under the context of the application. An attacker can trigger this issue by convincing a user to use the malicious file as an asset via the sequencer.

Recommendations For version 2.78c, consider avoiding the use of '.hdr' files from untrusted sources until a patch is available. As a temporary workaround, restrict the use of the RADIANCE loading functionality to minimize the risk of exploitation.