Candidate: CVE-2017-2918
PublicDate: 2018-04-24 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2918
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425
Description:
 An exploitable integer overflow exists in the Image loading functionality
 of the Blender open-source 3d creation suite v2.78c. A specially crafted
 .blend file can cause an integer overflow resulting in a buffer overflow
 which can allow for code execution under the context of the application.
 An attacker can convince a user to open the file or use it as a library in
 order to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_blender:
upstream_blender: released (2.79.a+dfsg0-1)
precise/esm_blender: DNE
trusty_blender: ignored (reached end-of-life)
trusty/esm_blender: DNE (trusty was needed)
xenial_blender: ignored (end of standard support, was needed)
artful_blender: ignored (reached end-of-life)
bionic_blender: not-affected (2.69.b+dfsg0-1)
cosmic_blender: not-affected (2.69.b+dfsg0-1)
disco_blender: not-affected (2.69.b+dfsg0-1)
eoan_blender: not-affected (2.69.b+dfsg0-1)
focal_blender: not-affected (2.69.b+dfsg0-1)
groovy_blender: not-affected (2.69.b+dfsg0-1)
hirsute_blender: not-affected (2.69.b+dfsg0-1)
impish_blender: not-affected (2.69.b+dfsg0-1)
jammy_blender: not-affected (2.69.b+dfsg0-1)
devel_blender: not-affected (2.69.b+dfsg0-1)