CVE-2017-2918
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
Existe un desbordamiento de enteros explotable en la funcionalidad de carga de imágenes de la suite de código abierto de creación 3D Blender v2.78c. Un archivo .blend especialmente manipulado puede provocar un desbordamiento de enteros y un desbordamiento de búfer, que puede permitir la ejecución de código bajo el contexto de la aplicación. Un atacante puede convencer a un usuario para que abra el archivo o emplearlo como biblioteca para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2018-04-24 CVE Published
- 2023-04-18 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425 | 2024-09-17 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2018/dsa-4248 | 2022-06-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Blender Search vendor "Blender" | Blender Search vendor "Blender" for product "Blender" | 2.78c Search vendor "Blender" for product "Blender" and version "2.78c" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|