{"id":"CVE-2017-12082","details":"An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.","modified":"2026-04-10T03:58:30.284446Z","published":"2018-04-24T19:29:00.847Z","related":["MGASA-2018-0332"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4248"},{"type":"EVIDENCE","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blender/blender","events":[{"introduced":"0"},{"last_affected":"e92f235283071c13759bc4e6e861e4e938985307"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.78c"}]}}],"versions":["v2.25","v2.26","v2.28","v2.28a","v2.28c","v2.30","v2.31","v2.31a","v2.32","v2.33","v2.33a","v2.34","v2.35","v2.35a","v2.37","v2.37a","v2.40","v2.42","v2.42a","v2.43","v2.44","v2.48","v2.48a","v2.55","v2.56a","v2.57","v2.57a","v2.57b","v2.58","v2.58a","v2.59","v2.60","v2.63","v2.66","v2.70-rc","v2.71-rc1","v2.72-rc1","v2.73-rc1","v2.74-rc1","v2.78","v2.78-rc1","v2.78-rc2","v2.78a","v2.78b","v2.78c"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12082.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}