CVE-2017-12103
- Source
- https://cve.org/CVERecord?id=CVE-2017-12103
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12103.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-12103
- Downstream
- Published
- 2018-04-24T19:29:01.237Z
- Modified
- 2026-04-16T01:46:08.594702710Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.0" } ], "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "9.0" } ], "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" } ] }- References
Affected packages
Git / github.com/blender/blender
Affected ranges
- Type
- GIT
- Repo
- https://github.com/blender/blender
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "2.78c" } ], "cpe": "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*" }
Affected versions
v2.*
v2.25
v2.26
v2.28
v2.28a
v2.28c
v2.30
v2.31
v2.31a
v2.32
v2.33
v2.33a
v2.34
v2.35
v2.35a
v2.37
v2.37a
v2.40
v2.42
v2.42a
v2.43
v2.44
v2.48
v2.48a
v2.55
v2.56a
v2.57
v2.57a
v2.57b
v2.58
v2.58a
v2.59
v2.60
v2.63
v2.66
v2.70-rc
v2.71-rc1
v2.72-rc1
v2.73-rc1
v2.74-rc1
v2.78
v2.78-rc1
v2.78-rc2
v2.78a
v2.78b
v2.78c