Bug ID 1103535
Summary VUL-0: blender: Multiple vulnerabilities
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
URL https://smash.suse.de/issue/212074/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee davejplater@gmail.com
Reporter jsegitz@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker --- 

CVE-2017-12103: An exploitable integer overflow exists in the way that the
Blender open-source 3d creation suite v2.78c converts curves to polygons. A
specially crafted .blend file can cause an integer overflow resulting in a
buffer overflow which can allow for code execution under the context of the
application. An attacker can convince a user to open the file or use the file
as a library in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454

CVE-2017-2906: An exploitable integer overflow exists in the animation playing
functionality of the Blender open-source 3d creation suite version 2.78c. A
specially created '.avi' file can cause an integer overflow resulting in a
buffer overflow which can allow for code execution under the context of the
application. An attacker can convince a user to use the file as an asset in
order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413

CVE-2017-2907: An exploitable integer overflow exists in the animation playing
functionality of the Blender open-source 3d creation suite version 2.78c. A
specially created '.avi' file can cause an integer overflow resulting in a
buffer overflow which can allow for code execution under the context of the
application. An attacker can convince a user to use the file as an asset in
order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414

CVE-2017-2908: An exploitable integer overflow exists in the thumbnail
functionality of the Blender open-source 3d creation suite version 2.78c. A
specially crafted .blend file can cause an integer overflow resulting in a
buffer overflow which can allow for code execution under the context of the
application. An attacker can convince a user to render the thumbnail for the
file while in the File->Open dialog.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415

CVE-2017-12105: An exploitable integer overflow exists in the way that the
Blender open-source 3d creation suite v2.78c applies a particular object
modifier to a Mesh. A specially crafted .blend file can cause an integer
overflow resulting in a buffer overflow which can allow for code execution
under the context of the application. An attacker can convince a user to open
the file or use the file as a library in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457

CVE-2017-2918: An exploitable integer overflow exists in the Image loading
functionality of the Blender open-source 3d creation suite v2.78c. A specially
crafted .blend file can cause an integer overflow resulting in a buffer
overflow which can allow for code execution under the context of the
application. An attacker can convince a user to open the file or use it as a
library in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425

CVE-2017-12104: An exploitable integer overflow exists in the way that the
Blender open-source 3d creation suite v2.78c draws a Particle object. A
specially crafted .blend file can cause an integer overflow resulting in a
buffer overflow which can allow for code execution under the context of the
application. An attacker can convince a user to open the file or use the file
as a library in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425

CVE-2017-12101: An exploitable integer overflow exists in the
'modifier_mdef_compact_influences' functionality of the Blender open-source 3d
creation suite v2.78c. A specially crafted .blend file can cause an integer
overflow resulting in a buffer overflow which can allow for code execution
under the context of the application. An attacker can convince a user to open a
.blend file in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453

CVE-2017-12100: An exploitable integer overflow exists in the
'multires_load_old_dm' functionality of the Blender open-source 3d creation
suite v2.78c. A specially crafted .blend file can cause an integer overflow
resulting in a buffer overflow which can allow for code execution under the
context of the application. An attacker can convince a user to open a .blend
file in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452

CVE-2017-12099: An exploitable integer overflow exists in the upgrade of the
legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite
v2.78c. A specially crafted .blend file can cause an integer overflow resulting
in a buffer overflow which can allow for code execution under the context of
the application. An attacker can convince a user to open the file or use it as
a library in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451

CVE-2017-12082: An exploitable integer overflow exists in the 'CustomData' Mesh
loading functionality of the Blender open-source 3d creation suite. A .blend
file with a specially crafted external data file can cause an integer overflow
resulting in a buffer overflow which can allow for code execution under the
context of the application. An attacker can convince a user to edit an object
within a .blend library in their Scene in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434

CVE-2017-12081: An exploitable integer overflow exists in the upgrade of a
legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A
specially crafted .blend file can cause an integer overflow resulting in a
buffer overflow which can allow for code execution under the context of the
application. An attacker can convince a user to open the file or use it as a
library in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433

CVE-2017-12103: An exploitable integer overflow exists in the way that the
Blender open-source 3d creation suite v2.78c converts text rendered as a font
into a curve. A specially crafted .blend file can cause an integer overflow
resulting in a buffer overflow which can allow for code execution under the
context of the application. An attacker can convince a user to open the file or
use the file as a library in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455

CVE-2017-2905: An exploitable integer overflow exists in the bmp loading
functionality of the Blender open-source 3d creation suite version 2.78c. A
specially crafted '.bmp' file can cause an integer overflow resulting in a
buffer overflow which can allow for code execution under the context of the
application. An attacker can convince a user to use the file as an asset via
the sequencer in order to trigger this vulnerability.
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412

You are receiving this mail because: