https://bugzilla.redhat.com/show_bug.cgi?id=1571609
Bug ID: 1571609
Summary: CVE-2017-12086 blender: Integer overflow in BKE_mesh_calc_normals_tessface potentially leading to code execution
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: design-devel(a)lists.fedoraproject.org,
hobbes1069(a)gmail.com, kwizart(a)gmail.com,
luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com,
promac(a)gmail.com
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface'
functionality of the Blender open-source 3D creation suite. A specially crafted
.blend file can cause an integer overflow resulting in a buffer overflow which
can allow for code execution under the context of the application. An attacker
can convince a user to open a .blend file in order to trigger this
vulnerability.
External References:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438