CVE-2017-2903
- Source
- https://cve.org/CVERecord?id=CVE-2017-2903
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-2903.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-2903
- Downstream
- Published
- 2018-04-24T19:29:03.440Z
- Modified
- 2026-04-16T01:46:55.517105912Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.0" } ], "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "9.0" } ], "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" } ] }- References
Affected packages
Git / github.com/blender/blender
Affected ranges
- Type
- GIT
- Repo
- https://github.com/blender/blender
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "2.78c" } ], "cpe": "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*" }
Affected versions
v2.*
v2.25
v2.26
v2.28
v2.28a
v2.28c
v2.30
v2.31
v2.31a
v2.32
v2.33
v2.33a
v2.34
v2.35
v2.35a
v2.37
v2.37a
v2.40
v2.42
v2.42a
v2.43
v2.44
v2.48
v2.48a
v2.55
v2.56a
v2.57
v2.57a
v2.57b
v2.58
v2.58a
v2.59
v2.60
v2.63
v2.66
v2.70-rc
v2.71-rc1
v2.72-rc1
v2.73-rc1
v2.74-rc1
v2.78
v2.78-rc1
v2.78-rc2
v2.78a
v2.78b
v2.78c