Vulnerability Name: | CVE-2017-12081 (CCN-137506) | ||||||||||||||||||||||||||||||||||||||||
Assigned: | 2017-07-31 | ||||||||||||||||||||||||||||||||||||||||
Published: | 2018-01-11 | ||||||||||||||||||||||||||||||||||||||||
Updated: | 2022-04-19 | ||||||||||||||||||||||||||||||||||||||||
Summary: | An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | ||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
| ||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-190 | ||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-12081 Source: XF Type: UNKNOWN blender-cve201712081-integer-overflow(137506) Source: MLIST Type: Third Party Advisory [debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update Source: CCN Type: Blender Web site Blender Source: DEBIAN Type: Third Party Advisory DSA-4248 Source: CCN Type: Talos Vulnerability Report TALOS-2017-0433 Blender vcol_to_fcol Integer Overflow Code Execution Vulnerability Source: MISC Type: Exploit, Third Party Advisory https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433 Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-12081 | ||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
BACK |