CVE-2017-2900
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
Existe un desbordamiento de enteros explotable en la funcionalidad de carga de PNG de la suite de código abierto de creación 3D Blender 2.78c. Un archivo .png especialmente manipulado puede provocar un desbordamiento de enteros y un desbordamiento de búfer, que puede permitir la ejecución de código bajo el contexto de la aplicación. Un atacante puede convencer a un usuario para que utilice el archivo como un activo para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2018-04-24 CVE Published
- 2023-04-18 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4248 | 2022-06-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Blender Search vendor "Blender" | Blender Search vendor "Blender" for product "Blender" | 2.78c Search vendor "Blender" for product "Blender" and version "2.78c" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||