CVE-2017-12086 — Integer Overflow or Wraparound in Blender
CWE-190 — Integer Overflow or WraparoundCWE-502 — Deserialization of Untrusted Data10 documents7 sources
Severity
7.8HIGHNVD
GHSA9.8
EPSS
0.8%
top 26.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 24
Latest updateMay 24
Description
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
3GHSA▶
GHSA-fg6m-3pfp-qxrh: An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite↗2022-05-13
OSV▶
CVE-2017-12086: An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite↗2018-04-24
📋Vendor Advisories
2💬Community
3Bugzilla▶
CVE-2017-12086 blender: Integer overflow in BKE_mesh_calc_normals_tessface potentially leading to code execution [epel-7]↗2018-04-25
Bugzilla▶
CVE-2017-12086 blender: Integer overflow in BKE_mesh_calc_normals_tessface potentially leading to code execution↗2018-04-25
Bugzilla▶
CVE-2017-12086 blender: Integer overflow in BKE_mesh_calc_normals_tessface potentially leading to code execution [fedora-all]↗2018-04-25