ID CVE-2017-12086 Type cve Reporter cve@mitre.org Modified 2019-03-27T14:39:00
Description
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.
{"talos": [{"lastseen": "2019-05-29T19:20:10", "bulletinFamily": "info", "description": "# Talos Vulnerability Report\n\n### TALOS-2017-0438\n\n## Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability\n\n##### January 11, 2018\n\n##### CVE Number\n\nCVE-2017-12086 \n\n### Summary\n\nAn exploitable integer overflow exists in the `BKE_mesh_calc_normals_tessface` functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.\n\n### Tested Versions\n\nBlender v2.78c\n\n### Product URLs\n\n[http://www.blender.org](<https://www.blender.org>) git://git.blender.org/blender.git\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-190 - Integer Overflow or Wraparound\n\n### Details\n\nBlender is a professional, open-source 3d computer graphics application. It is used for creating animated films, visual effects, art, 3d printed applications, and video games. It is also capable of doing minimalistic video editing and sequencing as needed by the user. There are various features that it provides which allow for a user to perform a multitude of actions as required by a particular project.\n\nThis vulnerability exists with how the Blender application fixes the normals within a `Mesh` object when loading an older version of a .blend file. When allocating space for the faces and vertices of a `Mesh` object, the application will perform some arithmetic which can overflow. This will then be used to perform an allocation which can allow for an undersized buffer. 
Later when the application attempts to calculate the normals for the vertices and faces of the mesh, the application will write outside the bounds of the buffer resulting in a heap-based buffer overflow.\n\nAfter initially loading the file, the application will call the `blo_do_versions_250` function. This function will check the version of the file as specified in the `FileGlobals` structure. At [1], if the version is less than 256 (exclusive) or the version is equal to 256 and sub-version is less than 6 then the application will iterate through all of the Mesh data-blocks with the Code 'ME\\x00\\x00' that were read from the file. For each of these `Mesh` objects, the function `BKE_mesh_calc_normals_tessface` will be called at [2]. The arguments that are passed to this function come from the `Mesh` object. The fields that are directly responsible for this vulnerability are the `totvert` and the `totface` fields of the `Mesh` structure.\n \n \n source/blender/blenloader/intern/versioning_250.c:732\n void blo_do_versions_250(FileData *fd, Library *lib, Main *main)\n {\n ...\n if (main->versionfile < 256 || (main->versionfile == 256 && main->subversionfile < 6)) { // [1]\n Mesh *me;\n \n for (me = main->mesh.first; me; me = me->id.next)\n BKE_mesh_calc_normals_tessface(me->mvert, me->totvert, me->mface, me->totface, NULL); // [2]\n }\n \n\nOnce inside the `BKE_mesh_calc_normals_tessface` function, the application will take the values from the `totface` and `totvert` fields and use them to perform a multiplication at [3] in order to allocate space for the calculations required for both the faces and vertices of the mesh. Each element of both buffers is three floats of 4 bytes each, so both allocations multiply 12 by the `totvert` field or the `totface` field. If the result of this product is larger than 32 bits then an integer overflow will occur. This will cause the memory that is allocated to be undersized. 
Later at [4], the application will use one of these undersized buffers to calculate the normals of each face of the `Mesh`. Also at [5], the normals for each vertex will be calculated. The provided proof-of-concept utilizes the calculation of the normal for each vertex in order to corrupt memory and trigger the vulnerability. At [6], the application will store the normal that was calculated into the buffer that was allocated, corrupting memory outside the bounds of the allocated buffer. This type of memory corruption could allow for code execution under the context of the application.\n \n \n source/blender/blenkernel/intern/mesh_evaluate.c:317\n void BKE_mesh_calc_normals_tessface(\n MVert *mverts, int numVerts,\n const MFace *mfaces, int numFaces,\n float (*r_faceNors)[3])\n {\n float (*tnorms)[3] = MEM_callocN(sizeof(*tnorms) * (size_t)numVerts, \"tnorms\"); // [3]\n float (*fnors)[3] = (r_faceNors) ? r_faceNors : MEM_callocN(sizeof(*fnors) * (size_t)numFaces, \"meshnormals\");\n ...\n for (i = 0; i < numFaces; i++) {\n const MFace *mf = &mfaces[i];\n float *f_no = fnors[i];\n float *n4 = (mf->v4) ? tnorms[mf->v4] : NULL;\n const float *c4 = (mf->v4) ? 
mverts[mf->v4].co : NULL; // [4]\n ...\n }\n ...\n for (i = 0; i < numVerts; i++) {\n MVert *mv = &mverts[i];\n float *no = tnorms[i];\n \n if (UNLIKELY(normalize_v3(no) == 0.0f)) {\n normalize_v3_v3(no, mv->co); // [5]\n }\n \n normal_float_to_short_v3(mv->no, no); // [6]\n }\n ...\n }\n \n source/blender/blenlib/intern/math_vector_inline.c:959\n MINLINE void normal_float_to_short_v3(short out[3], const float in[3])\n {\n out[0] = (short) (in[0] * 32767.0f);\n out[1] = (short) (in[1] * 32767.0f);\n out[2] = (short) (in[2] * 32767.0f);\n }\n \n\n### Crash Information\n \n \n (1aa0.1464): Access violation - code c0000005 (first chance)\n First chance exceptions are reported before any exception handling.\n This exception may be expected and handled.\n eax=00000000 ebx=0d9acfa4 ecx=00007ff0 edx=01018e2c esi=0d9f53cc edi=0da3dff8\n eip=01b83423 esp=00f9ee28 ebp=00f9ee48 iopl=0 nv up ei pl nz na po cy\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010203\n blender!PyInit_mathutils_noise_types+0x2949a3:\n 01b83423 66894708 mov word ptr [edi+8],ax ds:002b:0da3e000=????\n 0:000> dc @edi\n 0da3dff8 00000000 00000000 ???????? ???????? ........????????\n 0da3e008 ???????? ???????? ???????? ???????? ????????????????\n 0da3e018 ???????? ???????? ???????? ???????? ????????????????\n 0da3e028 ???????? ???????? ???????? ???????? ????????????????\n 0da3e038 ???????? ???????? ???????? ???????? ????????????????\n 0da3e048 ???????? ???????? ???????? ???????? ????????????????\n 0da3e058 ???????? ???????? ???????? ???????? ????????????????\n 0da3e068 ???????? ???????? ???????? ???????? ????????????????\n \n\n### Exploit Proof-of-Concept\n\nIncluded with this advisory is a generator for the vulnerability. This proof-of-concept requires Python and takes a single argument which is the filename to write the .blend file to.\n \n \n $ python poc.py.zip $FILENAME.blend\n \n\nTo trigger the vulnerability, one can simply open the file or use it as a library. 
It can also be passed as an argument to the blender executable.\n \n \n $ /path/to/blender.exe $FILENAME.blend\n \n\n### Mitigation\n\nIn order to mitigate this vulnerability, it is recommended to not use untrusted blender files.\n\n### Timeline\n\n2017-09-06 - Vendor Disclosure \n2018-01-11 - Public Release\n\n##### Credit\n\nDiscovered by a member of Cisco Talos.\n", "modified": "2018-01-11T00:00:00", "published": "2018-01-11T00:00:00", "id": "TALOS-2017-0438", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438", "title": "Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability", "type": "talos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:30", "bulletinFamily": "unix", "description": "Package : blender\nVersion : 2.72.b+dfsg0-3+deb8u1\nCVE ID : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902\n CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906\n CVE-2017-2907 CVE-2017-2908 CVE-2017-2918\n CVE-2017-12081 CVE-2017-12082 CVE-2017-12086\n CVE-2017-12099 CVE-2017-12100 CVE-2017-12101\n CVE-2017-12102 CVE-2017-12103 CVE-2017-12104\n CVE-2017-12105\n\nMultiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that you upgrade your blender packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2018-08-13T11:09:14", "published": "2018-08-13T11:09:14", "id": "DEBIAN:DLA-1465-1:9B5F3", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201808/msg00011.html", "title": "[SECURITY] [DLA 1465-1] blender security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:31", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4248-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 17, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : blender\nCVE ID : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 \n CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 \n CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081 \n CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 \n CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 \n CVE-2017-12105\n\nMultiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\t\t\t\t\t\t\t \nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.79.b+dfsg0-1~deb9u1.\n\nWe recommend that you upgrade your blender packages.\n\nFor the detailed security status of blender please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/blender\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2018-07-17T20:37:12", "published": "2018-07-17T20:37:12", "id": "DEBIAN:DSA-4248-1:5CA0C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00177.html", "title": "[SECURITY] [DSA 4248-1] blender security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:22:53", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-4248.NASL", "href": "https://www.tenable.com/plugins/nessus/111140", "published": "2018-07-18T00:00:00", "title": "Debian DSA-4248-1 : blender - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4248. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111140);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\", \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\", \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\", \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\", \"CVE-2017-2918\");\n script_xref(name:\"DSA\", value:\"4248\");\n\n script_name(english:\"Debian DSA-4248-1 : blender - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/blender\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/blender\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4248\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the blender packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.79.b+dfsg0-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"blender\", reference:\"2.79.b+dfsg0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"blender-data\", reference:\"2.79.b+dfsg0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"blender-dbg\", reference:\"2.79.b+dfsg0-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:18:59", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\nFor Debian 8 ", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-1465.NASL", "href": "https://www.tenable.com/plugins/nessus/111705", "published": "2018-08-15T00:00:00", "title": "Debian DLA-1465-1 : blender security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1465-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111705);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\", \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\", \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\", \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\", \"CVE-2017-2918\");\n\n script_name(english:\"Debian DLA-1465-1 : blender security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that you upgrade your blender packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/blender\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected blender, blender-data, and blender-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"blender\", reference:\"2.72.b+dfsg0-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"blender-data\", reference:\"2.72.b+dfsg0-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"blender-dbg\", reference:\"2.72.b+dfsg0-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-04T18:56:38", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.", "modified": "2019-07-04T00:00:00", "published": "2018-07-17T00:00:00", "id": "OPENVAS:1361412562310704248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704248", "title": "Debian Security Advisory DSA 4248-1 (blender - security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4248-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704248\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\",\n \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\",\n \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\",\n \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\",\n \"CVE-2017-2918\");\n script_name(\"Debian Security Advisory DSA 4248-1 (blender - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-17 00:00:00 +0200 (Tue, 17 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4248.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"blender on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), 
these problems have been fixed in\nversion 2.79.b+dfsg0-1~deb9u1.\n\nWe recommend that you upgrade your blender packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/blender\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"blender\", ver:\"2.79.b+dfsg0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"blender-data\", ver:\"2.79.b+dfsg0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"blender-dbg\", ver:\"2.79.b+dfsg0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:28", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.", "modified": "2019-03-18T00:00:00", "published": "2018-08-14T00:00:00", "id": "OPENVAS:1361412562310891465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891465", "title": "Debian LTS Advisory ([SECURITY] [DLA 1465-1] blender security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_dla_1465.nasl 14270 2019-03-18 14:24:29Z cfischer $\n#\n# Auto-generated from advisory DLA 1465-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891465\");\n script_version(\"$Revision: 14270 $\");\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\",\n \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\",\n \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\",\n \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\",\n \"CVE-2017-2918\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1465-1] blender security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:24:29 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-14 00:00:00 +0200 (Tue, 14 Aug 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"blender on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 
'Jessie', these problems have been fixed in version\n2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that you upgrade your blender packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"blender\", ver:\"2.72.b+dfsg0-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"blender-data\", ver:\"2.72.b+dfsg0-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"blender-dbg\", ver:\"2.72.b+dfsg0-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}