CVE-2017-2907

Name of the Vulnerable Software and Affected Versions Blender version 2.78c

Description An integer overflow exists in the animation playing functionality of the Blender open-source 3D creation suite. This issue can be triggered by a specially created '.avi' file, causing an integer overflow that results in a buffer overflow, potentially allowing for code execution under the context of the application. An attacker can exploit this by convincing a user to use the malicious file as an asset.

Recommendations For Blender version 2.78c, as a temporary workaround, consider disabling the animation playing functionality until a patch is available. Avoid using specially created '.avi' files as assets in the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.