SB2018011201 - Multiple vulnerabilities in Blender
Published: January 12, 2018
Description
This security bulletin contains information about 21 security vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2017-12081)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the upgrade of a legacy Mesh attribute of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
2) Integer overflow (CVE-ID: CVE-2017-12082)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the CustomData Mesh loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a .blend file with a specially crafted external data file, trick the victim into editing an object within a .blend library in their Scene, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
3) Integer overflow (CVE-ID: CVE-2017-12086)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the BKE_mesh_calc_normals_tessface functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening it, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
4) Integer overflow (CVE-ID: CVE-2017-12099)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the upgrade of the legacy Mesh attribute tface of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
5) Integer overflow (CVE-ID: CVE-2017-12100)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the multires_load_old_dm functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening it, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
6) Integer overflow (CVE-ID: CVE-2017-12101)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the modifier_mdef_compact_influences functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening it, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
7) Integer overflow (CVE-ID: CVE-2017-12102)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow when the Blender open-source 3D creation suite converts curves to polygons. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
8) Integer overflow (CVE-ID: CVE-2017-12103)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow when the Blender open-source 3D creation suite converts text rendered as a font into a curve. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
9) Integer overflow (CVE-ID: CVE-2017-12104)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow when the Blender open-source 3D creation suite draws a Particle object. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
10) Integer overflow (CVE-ID: CVE-2017-12105)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow when the Blender open-source 3D creation suite applies a particular object modifier to a Mesh. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
11) Integer overflow (CVE-ID: CVE-2017-2899)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the TIFF loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .tif file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
12) Integer overflow (CVE-ID: CVE-2017-2900)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the PNG loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .png file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
13) Integer overflow (CVE-ID: CVE-2017-2901)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the IRIS loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .iris file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
14) Integer overflow (CVE-ID: CVE-2017-2902)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the DPX loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .cin file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
15) Integer overflow (CVE-ID: CVE-2017-2903)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the DPX loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .cin file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
16) Integer overflow (CVE-ID: CVE-2017-2904)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the RADIANCE loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .hdr file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
17) Integer overflow (CVE-ID: CVE-2017-2905)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the BMP loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .bmp file, trick the victim into using it as an asset via the sequencer, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
18) Integer overflow (CVE-ID: CVE-2017-2906)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the animation playing functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .avi file, trick the victim into using it as an asset, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
19) Integer overflow (CVE-ID: CVE-2017-2907)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the animation playing functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .avi file, trick the victim into using it as an asset, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
20) Integer overflow (CVE-ID: CVE-2017-2908)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the thumbnail functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .avi file, trick the victim into rendering the thumbnail for the file while in the File->Open dialog, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
21) Integer overflow (CVE-ID: CVE-2017-2918)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow in the Image loading functionality of the Blender open-source 3D creation suite. A remote attacker can send a specially crafted .blend file, trick the victim into opening or using it as a library, trigger memory corruption and execute arbitrary code under the context of the application.
Successful exploitation of the vulnerability may result in system compromise.
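The entries above share one bug class: a size derived from file-supplied fields overflows before a buffer is allocated, so later writes corrupt memory. The following is an added illustration of that class and of the defensive check for an image loader; it is not Blender's code and the bulletin does not show the affected code, so all function names, the 4-channel limit and the 1 GiB cap are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for one decoded image (1 GiB); not a Blender value. */
#define MAX_IMAGE_BYTES ((size_t)1 << 30)

/* Flawed pattern: the product is computed in 32 bits and wraps modulo 2^32. */
static uint32_t pixel_bytes_unchecked(uint32_t w, uint32_t h, uint32_t channels)
{
    return w * h * channels;
}

/* Multiply two sizes, refusing any product that does not fit in size_t. */
static bool mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Hardened pattern: validate header fields, then multiply with checks. */
static bool pixel_bytes_checked(uint32_t w, uint32_t h, uint32_t channels, size_t *out)
{
    size_t n;
    if (w == 0 || h == 0 || channels == 0 || channels > 4) return false;
    if (!mul_size(w, h, &n) || !mul_size(n, channels, &n)) return false;
    if (n > MAX_IMAGE_BYTES) return false;
    *out = n;
    return true;
}

/* Allocate a zeroed pixel buffer, or NULL when the header is rejected. */
static unsigned char *alloc_pixels(uint32_t w, uint32_t h, uint32_t channels)
{
    size_t n;
    return pixel_bytes_checked(w, h, channels, &n) ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed header values: the true size is 2^32 + 2^18 bytes. */
    printf("unchecked: %u bytes\n", (unsigned)pixel_bytes_unchecked(65536u, 16385u, 4u));
    printf("checked:   %s\n", alloc_pixels(65536u, 16385u, 4u) ? "allocated" : "rejected");
    return 0;
}
```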
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425