CVE-2017-2905 — Integer Overflow or Wraparound in Blender
Severity
7.8HIGHNVD
EPSS
1.1%
top 22.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 24
Latest updateMay 13
Description
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
2GHSA▶
GHSA-9g2h-6x28-96q6: An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2↗2022-05-13
OSV▶
CVE-2017-2905: An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2↗2018-04-24
📋Vendor Advisories
1Debian▶
CVE-2017-2905: blender - An exploitable integer overflow exists in the bmp loading functionality of the B...↗2017
💬Community
13Bugzilla
▶
Bugzilla
▶
Bugzilla
▶