CVE-2017-2906
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
Existe un desbordamiento de enteros explotable en la funcionalidad de reproducción de animaciones de la suite de código abierto de creación 3D Blender 2.78c. Un archivo .avi especialmente manipulado puede provocar un desbordamiento de enteros y un desbordamiento de búfer, que puede permitir la ejecución de código bajo el contexto de la aplicación. Un atacante puede convencer a un usuario para que utilice el archivo como un activo para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2018-04-24 CVE Published
- 2023-04-18 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413 | 2024-09-17 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2018/dsa-4248 | 2022-06-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Blender Search vendor "Blender" | Blender Search vendor "Blender" for product "Blender" | 2.78c Search vendor "Blender" for product "Blender" and version "2.78c" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|