CVE-2017-12104 — Integer Overflow or Wraparound in Blender

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

7.8HIGHNVD

EPSS

1.2%

top 20.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blender Debian Blender Debian Linux

Timeline

PublishedApr 24

Latest updateMay 13

Description

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/blender< blender 2.79.a+dfsg0-1 (bookworm)

▶Debianblender/blender< 2.79.a+dfsg0-1+2

▶CVEListV5blender/blenderv2.78c (32-bit)

▶NVDblender/blender2.78c

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-2g83-63pc-qvx7: An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2↗2022-05-13

▶

OSV

CVE-2017-12104: An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2↗2018-04-24

▶

📋Vendor Advisories

Debian

CVE-2017-12104: blender - An exploitable integer overflow exists in the way that the Blender open-source 3...↗2017

▶

💬Community

Bugzilla

CVE-2017-12104 blender: Integer Overflow when it draws a Particle object [epel-7]↗2018-08-01

▶