CVE-2017-12101

An exploitable integer overflow exists in the 'modifiermdefcompact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.

References

Affected packages

Git / github.com/blender/blender

Affected ranges

Type

GIT

Repo

https://github.com/blender/blender

Events

Introduced

Last affected

e92f235283071c13759bc4e6e861e4e938985307

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.78c"
        }
    ]
}

Affected versions

2.*

2.72b

v2.*

v2.25

v2.26

v2.27

v2.28

v2.28a

v2.28c

v2.30

v2.31

v2.31a

v2.32

v2.33

v2.33a

v2.34

v2.35

v2.35a

v2.36

v2.37

v2.37a

v2.40

v2.41

v2.42

v2.42a

v2.43

v2.44

v2.45

v2.46

v2.47

v2.48

v2.48a

v2.49

v2.49a

v2.49b

v2.50

v2.51

v2.52

v2.53

v2.54

v2.55

v2.56

v2.56a

v2.57

v2.57a

v2.57b

v2.58

v2.58a

v2.59

v2.60

v2.60a

v2.61

v2.63

v2.63a

v2.64

v2.64a

v2.65

v2.65a

v2.66

v2.66a

v2.67

v2.67a

v2.67b

v2.68

v2.68a

v2.69

v2.70

v2.70-rc

v2.70-rc2

v2.70a

v2.71

v2.71-rc1

v2.71-rc2

v2.72

v2.72-rc1

v2.72a

v2.72b

v2.73

v2.73-rc1

v2.73a

v2.74

v2.74-rc1

v2.74-rc2

v2.74-rc3

v2.74-rc4

v2.75

v2.75-rc1

v2.75-rc2

v2.75a

v2.76

v2.76-rc1

v2.76-rc2

v2.76-rc3

v2.76a

v2.76b

v2.77

v2.77-rc1

v2.77-rc2

v2.77a

v2.78

v2.78-rc1

v2.78-rc2

v2.78a

v2.78b

v2.78c

v2.79

v2.79-rc1

v2.79-rc2

v2.79a

v2.79b

v2.80

v2.80-rc1

v2.80-rc2

v2.80-rc3

v2.81

v2.81a

v2.82

v2.82a

v2.83

v2.83.1

v2.83.10

v2.83.12

v2.83.13

v2.83.14

v2.83.15

v2.83.16

v2.83.17

v2.83.18

v2.83.19

v2.83.2

v2.83.20

v2.83.3

v2.83.4

v2.83.5

v2.83.6

v2.83.6.1

v2.83.7

v2.83.8

v2.83.9

v2.90.0

v2.90.1

v2.91.0

v2.91.2

v2.92.0

v2.93.0

v2.93.1

v2.93.10

v2.93.11

v2.93.12

v2.93.13

v2.93.14

v2.93.15

v2.93.16

v2.93.17

v2.93.18

v2.93.2

v2.93.3

v2.93.4

v2.93.5

v2.93.6

v2.93.7

v2.93.8

v2.93.9

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.1.2

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.14

v3.3.16

v3.3.17

v3.3.18

v3.3.19

v3.3.2

v3.3.20

v3.3.21

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.6.0

v3.6.1

v3.6.10

v3.6.11

v3.6.12

v3.6.13

v3.6.14

v3.6.15

v3.6.16

v3.6.17

v3.6.18

v3.6.19

v3.6.2

v3.6.20

v3.6.21

v3.6.22

v3.6.23

v3.6.3

v3.6.4

v3.6.5

v3.6.7

v3.6.8

v3.6.9

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.1.0

v4.1.1

v4.2.0

v4.2.1

v4.2.10

v4.2.11

v4.2.12

v4.2.13

v4.2.14

v4.2.15

v4.2.16

v4.2.17

v4.2.18

v4.2.19

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.2.7

v4.2.8

v4.2.9

v4.3.0

v4.3.1

v4.3.2

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.5.0

v4.5.1

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

v4.5.7

v4.5.8

v5.*

v5.0.0

v5.0.1

v5.1.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12101.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]