Candidate: CVE-2017-12103
PublicDate: 2018-04-24 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12103
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
 https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
Description:
 An exploitable integer overflow exists in the way that the Blender
 open-source 3d creation suite v2.78c converts text rendered as a font into
 a curve. A specially crafted .blend file can cause an integer overflow
 resulting in a buffer overflow which can allow for code execution under the
 context of the application. An attacker can convince a user to open the
 file or use the file as a library in order to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_blender:
upstream_blender: needs-triage
precise/esm_blender: DNE
trusty_blender: ignored (reached end-of-life)
trusty/esm_blender: DNE (trusty was needed)
xenial_blender: ignored (end of standard support, was needed)
artful_blender: ignored (reached end-of-life)
bionic_blender: not-affected (2.79+dfsg0-1)
cosmic_blender: not-affected (2.79+dfsg0-1)
disco_blender: not-affected (2.79+dfsg0-1)
eoan_blender: not-affected (2.79+dfsg0-1)
focal_blender: not-affected (2.79+dfsg0-1)
groovy_blender: not-affected (2.79+dfsg0-1)
hirsute_blender: not-affected (2.79+dfsg0-1)
impish_blender: not-affected (2.79+dfsg0-1)
jammy_blender: not-affected (2.79+dfsg0-1)
devel_blender: not-affected (2.79+dfsg0-1)