Candidate: CVE-2017-12099
PublicDate: 2018-04-24 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12099
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451
 https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
Description:
 An exploitable integer overflow exists in the upgrade of the legacy Mesh
 attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A
 specially crafted .blend file can cause an integer overflow resulting in a
 buffer overflow which can allow for code execution under the context of the
 application. An attacker can convince a user to open the file or use it as
 a library in order to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_blender:
upstream_blender: needs-triage
precise/esm_blender: DNE
trusty_blender: ignored (reached end-of-life)
trusty/esm_blender: DNE (trusty was needed)
xenial_blender: ignored (end of standard support, was needed)
artful_blender: ignored (reached end-of-life)
bionic_blender: not-affected (2.79+dfsg0-1)
cosmic_blender: not-affected (2.79+dfsg0-1)
disco_blender: not-affected (2.79+dfsg0-1)
eoan_blender: not-affected (2.79+dfsg0-1)
focal_blender: not-affected (2.79+dfsg0-1)
groovy_blender: not-affected (2.79+dfsg0-1)
hirsute_blender: not-affected (2.79+dfsg0-1)
impish_blender: not-affected (2.79+dfsg0-1)
jammy_blender: not-affected (2.79+dfsg0-1)
devel_blender: not-affected (2.79+dfsg0-1)