Your submission was sent successfully! Close

CVE-2017-12101

Published: 24 April 2018

An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
blender
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(2.79+dfsg0-1)
cosmic Not vulnerable
(2.79+dfsg0-1)
disco Not vulnerable
(2.79+dfsg0-1)
eoan Not vulnerable
(2.79+dfsg0-1)
focal Not vulnerable
(2.79+dfsg0-1)
groovy Not vulnerable
(2.79+dfsg0-1)
hirsute Not vulnerable
(2.79+dfsg0-1)
impish Not vulnerable
(2.79+dfsg0-1)
jammy Not vulnerable
(2.79+dfsg0-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needs triage

xenial Ignored
(end of standard support, was needed)