Candidate: CVE-2017-2908
PublicDate: 2018-04-24 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2908
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
 https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
Description:
 An exploitable integer overflow exists in the thumbnail functionality of
 the Blender open-source 3d creation suite version 2.78c. A specially
 crafted .blend file can cause an integer overflow resulting in a buffer
 overflow which can allow for code execution under the context of the
 application. An attacker can convince a user to render the thumbnail for
 the file while in the File->Open dialog.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_blender:
upstream_blender: needs-triage
precise/esm_blender: DNE
trusty_blender: ignored (reached end-of-life)
trusty/esm_blender: DNE (trusty was needed)
xenial_blender: ignored (end of standard support, was needed)
artful_blender: ignored (reached end-of-life)
bionic_blender: not-affected (2.79+dfsg0-1)
cosmic_blender: not-affected (2.79+dfsg0-1)
disco_blender: not-affected (2.79+dfsg0-1)
eoan_blender: not-affected (2.79+dfsg0-1)
focal_blender: not-affected (2.79+dfsg0-1)
groovy_blender: not-affected (2.79+dfsg0-1)
hirsute_blender: not-affected (2.79+dfsg0-1)
impish_blender: not-affected (2.79+dfsg0-1)
jammy_blender: not-affected (2.79+dfsg0-1)
devel_blender: not-affected (2.79+dfsg0-1)