Multiple vulnerabilities in Blender
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2017-12081 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 CVE-2017-12105 CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 |
| CWE-ID | CWE-190 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Blender Client/Desktop applications / Multimedia software |
| Vendor | blender.org |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU9982
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12081
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU9983
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12082
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the CustomData Mesh loading functionality of the Blender open-source 3d creation suite. A remote attacker can send .blend file with a specially crafted external data file, trick the victim into editing an object within a .blend library in their Scene, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU9984
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12086
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the BKE_mesh_calc_normals_tessface functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening it, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU9985
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12099
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the upgrade of the legacy Mesh attribute tface of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU9986
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12100
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the multires_load_old_dm functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening it, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU9987
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12101
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the modifier_mdef_compact_influences functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening it, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU9988
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12102
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow when the Blender open-source 3d creation suite converts curves to polygons. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Integer overflow
EUVDB-ID: #VU9989
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12103
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow when the Blender open-source 3d creation suite converts text rendered as a font into a curve. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Integer overflow
EUVDB-ID: #VU9990
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12104
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow when the Blender open-source 3d creation suite draws a Particle object. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU9991
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-12105
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow when the Blender open-source 3d creation suite applies a particular object modifier to a Mesh. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Integer overflow
EUVDB-ID: #VU9971
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2899
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the TIFF loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .tif file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Integer overflow
EUVDB-ID: #VU9972
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2900
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the PNG loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .png file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Integer overflow
EUVDB-ID: #VU9973
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2901
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the IRIS loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .iris file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Integer overflow
EUVDB-ID: #VU9974
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2902
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the DPX loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .cin file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Integer overflow
EUVDB-ID: #VU9975
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2903
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the DPX loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .cin file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Integer overflow
EUVDB-ID: #VU9976
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2904
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the RADIANCE loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .hdr file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Integer overflow
EUVDB-ID: #VU9977
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2905
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the bmp loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .bmp file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Integer overflow
EUVDB-ID: #VU9978
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2906
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the animation playing functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .avi file, trick the victim into using it as an asset, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Integer overflow
EUVDB-ID: #VU9979
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2907
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the animation playing functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .avi file, trick the victim into using it as an asset, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Integer overflow
EUVDB-ID: #VU9980
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2908
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the thumbnail functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .avi file, trick the victim into rendering the thumbnail for the file while in the File->Open dialog, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Integer overflow
EUVDB-ID: #VU9981
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-2918
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the Image loading functionality of the Blender open-source 3d creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Blender: 2.78c
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
