CVE-2017-2905

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description An integer overflow exists in the bmp loading functionality, which can be exploited by a specially crafted '.bmp' file to cause a buffer overflow, potentially allowing for code execution under the context of the application. This can be triggered if an attacker convinces a user to use the malicious file as an asset via the sequencer.

Recommendations For version 2.78c, consider avoiding the use of untrusted '.bmp' files in the sequencer until a patch is available. As a temporary workaround, restrict the loading of '.bmp' files to only those from trusted sources to minimize the risk of exploitation.