An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
{"id": "RH:CVE-2017-2906", "vendorId": null, "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2017-2906", "description": "An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.\n", "published": "2022-05-21T00:19:51", "modified": "2022-05-21T00:19:51", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://access.redhat.com/security/cve/cve-2017-2906", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1610831"], "cvelist": ["CVE-2017-2905", "CVE-2017-2906"], "immutableFields": [], "lastseen": "2022-05-21T01:24:04", "viewCount": 5, "enchantments": {"score": {"value": 6.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": 
["CVE-2017-2905", "CVE-2017-2906"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1465-1:3FC65", "DEBIAN:DLA-1465-1:9B5F3", "DEBIAN:DSA-4248-1:5CA0C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-2905", "DEBIANCVE:CVE-2017-2906"]}, {"type": "mageia", "idList": ["MGASA-2018-0332"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1465.NASL", "DEBIAN_DSA-4248.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704248", "OPENVAS:1361412562310891465"]}, {"type": "osv", "idList": ["OSV:DLA-1465-1", "OSV:DSA-4248-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-2908"]}, {"type": "talos", "idList": ["TALOS-2017-0412", "TALOS-2017-0413"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-2905", "UB:CVE-2017-2906"]}]}, "epss": [{"cve": "CVE-2017-2905", "epss": "0.001650000", "percentile": "0.514830000", "modified": "2023-03-19"}, {"cve": "CVE-2017-2906", "epss": "0.001650000", "percentile": "0.514830000", "modified": "2023-03-19"}], "vulnersScore": 6.1}, "_state": {"dependencies": 1659998956, "score": 1684014194, "epss": 1679298256}, "_internal": {"score_hash": "114db6560a2b472ead2ed49fa24c91e6"}, "vendorCvss": {"score": "6.3", "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}}
{"talos": [{"lastseen": "2023-06-23T15:26:45", "description": "### Summary\n\nAn exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created `.avi` file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.\n\n### Tested Versions\n\nBlender v2.78c\n\n### Product URLs\n\n<http://www.blender.org> <git://git.blender.org/blender.git>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-190 - Integer Overflow or Wraparound\n\n### Details\n\nBlender is a professional, open-source 3d computer graphics application. It is used for creating animated films, visual effects, art, 3d printed applications, and video games. It is also capable of doing minimalistic video editing and sequencing as needed by the user. There are various features that it provides which allow for a user to perform a multitude of actions as required by a particular project.\n\nThis vulnerability exists with how the Blender application verifies the type of animation when adding or playing a video via the sequencer. When allocating space for the number of audio/video streams within a `.avi` file the application will perform some arithmetic which can overflow. This result will then be used to perform an allocation which can allow for an undersized buffer. Later when the application attempts to load data from the file into this buffer, a heap-based buffer overflow will occur.\n\nWhen determining the animation type, the function `imb_get_anim_type` in the `source/blender/imbuf/intern/util.c` file will be called. Inside this function, the application will call various functions in order to determine the animation type. Within these various tests is a call to the function `is_avi` [1]. 
This function is simply a wrapper which will then call `AVI_is_avi`.\n \n \n source/blender/imbuf/intern/util.c:376\n int imb_get_anim_type(const char *name)\n {\n int type;\n BLI_stat_t st;\n \n BLI_assert(!BLI_path_is_rel(name));\n \n if (UTIL_DEBUG) printf(\"%s: %s\\n\", __func__, name);\n ...\n if (isavi(name)) return (ANIM_AVI); // [1] \\\n ...\n return ANIM_NONE;\n }\n \n source/blender/imbuf/intern/util.c:376\n static int isavi(const char *name)\n {\n #ifdef WITH_AVI\n return AVI_is_avi(name); // [2]\n #else\n (void)name;\n return false;\n #endif\n }\n \n\nThe `AVI_is_avi` function contains the integer overflow described in this advisory. At the beginning of the function, the application will first open up the filename [3] followed by validating different parts of the header in order to determine it is a `.avi` file type. After confirming it has a proper header, various fields are read from the file. One of these fields is the number of streams at [4]. This field is used to determine the number of audio or video streams that may follow.\n \n \n source/blender/avi/intern/avi.c:233\n bool AVI_is_avi(const char *name)\n {\n int temp, fcca, j;\n AviMovie movie = {NULL};\n AviMainHeader header;\n AviBitmapInfoHeader bheader;\n int movie_tracks = 0;\n \n DEBUG_PRINT(\"opening movie\\n\");\n \n movie.type = AVI_MOVIE_READ;\n movie.fp = BLI_fopen(name, \"rb\"); // [3]\n movie.offset_table = NULL;\n ...\n movie.header->MicroSecPerFrame = GET_FCC(movie.fp);\n movie.header->MaxBytesPerSec = GET_FCC(movie.fp);\n movie.header->PaddingGranularity = GET_FCC(movie.fp);\n movie.header->Flags = GET_FCC(movie.fp);\n movie.header->TotalFrames = GET_FCC(movie.fp);\n movie.header->InitialFrames = GET_FCC(movie.fp);\n movie.header->Streams = GET_FCC(movie.fp); // [4]\n movie.header->SuggestedBufferSize = GET_FCC(movie.fp);\n movie.header->Width = GET_FCC(movie.fp);\n movie.header->Height = GET_FCC(movie.fp);\n movie.header->Reserved[0] = GET_FCC(movie.fp);\n 
movie.header->Reserved[1] = GET_FCC(movie.fp);\n movie.header->Reserved[2] = GET_FCC(movie.fp);\n movie.header->Reserved[3] = GET_FCC(movie.fp);\n \n\nWithin the same function, the application will then check that the number of streams is greater than or equal to 1 [5]. This checks that a file is not malformed due to having a signed value in the field. However, immediately afterwards the application will multiply this value by the size of an `AviStreamRec` header. When compiled, this size is 0x4c bytes in length. Due to a failure to accommodate for the overflow, this multiply can cause the size to wrap which may result in a size that is smaller than an `AviStreamRec` being used for an allocation.\n \n \n source/blender/avi/intern/avi.c:288\n if (movie.header->Streams < 1) { // [5]\n DEBUG_PRINT(\"streams less than 1\\n\");\n fclose(movie.fp);\n return 0;\n }\n \n movie.streams = (AviStreamRec *) MEM_callocN(sizeof(AviStreamRec) * movie.header->Streams, \"moviestreams\"); // [6]\n \n\nLater, the application will then use the number of streams as a terminator for a loop [7] in order to read contents from the file into the `movie.streams` buffer. 
If the number of streams multiplied by the size of an `AviStreamRec (0x4c)` is larger than 32-bits, then this loop will write outside the bounds of the buffer leading to a heap-based buffer overflow.\n \n \n src/source/blender/avi/intern/avi.c:296\n for (temp = 0; temp < movie.header->Streams; temp++) { // [7]\n ...\n movie.streams[temp].sh.Type = GET_FCC(movie.fp);\n movie.streams[temp].sh.Handler = GET_FCC(movie.fp);\n \n fcca = movie.streams[temp].sh.Handler;\n \n ...\n movie.streams[temp].sh.Flags = GET_FCC(movie.fp);\n movie.streams[temp].sh.Priority = GET_TCC(movie.fp);\n movie.streams[temp].sh.Language = GET_TCC(movie.fp);\n movie.streams[temp].sh.InitialFrames = GET_FCC(movie.fp);\n movie.streams[temp].sh.Scale = GET_FCC(movie.fp);\n movie.streams[temp].sh.Rate = GET_FCC(movie.fp);\n movie.streams[temp].sh.Start = GET_FCC(movie.fp);\n movie.streams[temp].sh.Length = GET_FCC(movie.fp);\n movie.streams[temp].sh.SuggestedBufferSize = GET_FCC(movie.fp);\n movie.streams[temp].sh.Quality = GET_FCC(movie.fp);\n movie.streams[temp].sh.SampleSize = GET_FCC(movie.fp);\n movie.streams[temp].sh.left = GET_TCC(movie.fp);\n movie.streams[temp].sh.top = GET_TCC(movie.fp);\n movie.streams[temp].sh.right = GET_TCC(movie.fp);\n movie.streams[temp].sh.bottom = GET_TCC(movie.fp);\n ...\n }\n \n MEM_freeN(movie.streams);\n fclose(movie.fp);\n \n /* at least one video track is needed */\n return (movie_tracks != 0); \n \n }\n \n\n### Crash Information\n\n(76c.2520): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. 
eax=00000000 ebx=146c0fdc ecx=00000000 edx=0b42d8c0 esi=00000000 edi=04335298 eip=0172b39a esp=0490f1d4 ebp=0490f288 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 blender!osl_texture_set_swrap_code+0x4010a: 0172b39a 894324 mov dword ptr [ebx+24h],eax ds:002b:146c1000=????????\n\n0:000> !heap -p -a @ebx address 146c0fdc found in _DPH_HEAP_ROOT @ 9251000 in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize) 14622784: 146c0fd8 24 - 146c0000 2000\n\n### Exploit Proof-of-Concept\n\nIncluded with this advisory is a generator for the vulnerability. This proof-of-concept requires python and takes a single-argument which is the filename to write the `.avi` file to.\n \n \n $ python poc.py $FILENAME.avi\n \n\nTo trigger the vulnerability, one can simply add it as an asset or they can pass it as an argument to the blender executable.\n \n \n $ /path/to/blender.exe -a $FILENAME.avi\n \n\n### Mitigation\n\nIn order to mitigate this vulnerability, it is recommended to not use untrusted animation files as an asset when composing a scene.\n\n### Timeline\n\n2017-09-06 - Vendor Disclosure \n2017-01-11 - Public Release\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-11T00:00:00", "type": "talos", "title": "Blender Sequencer imb_get_anim_type Streams Integer Overflow Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2906"], "modified": "2018-01-11T00:00:00", "id": "TALOS-2017-0413", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T15:26:45", "description": "### Summary\n\nAn exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted `.bmp` file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n### Tested Versions\n\nBlender v2.78c\n\n### Product URLs\n\n<http://www.blender.org> <git://git.blender.org/blender.git>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-190 - Integer Overflow or Wraparound\n\n### Details\n\nBlender is a professional, open-source 3d computer graphics application. It is used for creating animated films, visual effects, art, 3d printed applications, and video games. It is also capable of doing minimalistic video editing and sequencing as needed by the user. There are various features that it provides which allow for a user to perform a multitude of actions as required by a particular project.\n\nThis vulnerability exists with how the Blender application loads a `.bmp` file as an asset for the video sequencer. When allocating space for the image data within a `.bmp` file, the application will perform some arithmetic which can overflow. 
This result will then be used to perform an allocation which can allow for an undersized buffer. Later when the application attempts to render the image data into this buffer, a heap-based buffer overflow will occur.\n\nWhen loading an image file, the function `IMB_loadiffname` in the `source/blender/imbuf/intern/readimage.c` file will be called. Inside this function, the application will first open the file and then call the `IMB_loadifffile` function [2].\n \n \n source/blender/imbuf/intern/readimage.c:212\n ImBuf *IMB_loadiffname(const char *filepath, int flags, char colorspace[IM_MAX_SPACE])\n {\n ...\n file = BLI_open(filepath_tx, O_BINARY | O_RDONLY, 0); // [1]\n if (file == -1)\n return NULL;\n \n ibuf = IMB_loadifffile(file, filepath, flags, colorspace, filepath_tx); // [2]\n \n\nInside the `IMB_loadifffile` function, the application will first map the whole file into memory using the `mmap` system-call [3]. After the file is successfully mapped into memory, the resulting pages will be passed to the `IMB_ibImageFromMemory` function [4]. This function is responsible for figuring out which file-format handlers to use, and then to call its respective loader.\n \n \n source/blender/imbuf/intern/readimage.c:165\n ImBuf *IMB_loadifffile(int file, const char *filepath, int flags, char colorspace[IM_MAX_SPACE], const char *descr)\n {\n ...\n imb_mmap_lock();\n mem = mmap(NULL, size, PROT_READ, MAP_SHARED, file, 0); // [3]\n imb_mmap_unlock();\n \n if (mem == (unsigned char *) -1) {\n fprintf(stderr, \"%s: couldn't get mapping %s\\n\", __func__, descr);\n return NULL;\n }\n \n ibuf = IMB_ibImageFromMemory(mem, size, flags, colorspace, descr); // [4]\n \n\nInside the following function, the application will iterate through a global list that contains different handlers for all of the image files that the application supports. 
At [5], the application will call the function responsible for loading the image out of memory.\n \n \n source/blender/imbuf/intern/readimage.c:104\n ImBuf *IMB_ibImageFromMemory(unsigned char *mem, size_t size, int flags, char colorspace[IM_MAX_SPACE], const char *descr)\n {\n ...\n for (type = IMB_FILE_TYPES; type < IMB_FILE_TYPES_LAST; type++) {\n if (type->load) {\n ibuf = type->load(mem, size, flags, effective_colorspace); // [5]\n if (ibuf) {\n imb_handle_alpha(ibuf, flags, colorspace, effective_colorspace);\n return ibuf;\n }\n }\n }\n \n\nWhen a `.bmp` file is detected, the function `imb_bmp_decode` is used to load the image from memory. First, the application will read the `BMPFILEHEADER` to determine where the pixel data is [6]. Afterwards the `BMPINFOHEADER` structure will be read to determine the dimensions of the bitmap image [7]. This structure contains the sizes that will be combined to trigger the integer overflow.\n \n \n source/blender/imbuf/intern/bmp.c:123\n struct ImBuf *imb_bmp_decode(const unsigned char *mem, size_t size, int flags, char colorspace[IM_MAX_SPACE])\n {\n ...\n bmp = mem + LITTLE_LONG(*(int *)(mem + 10));\n ...\n /* for systems where an int needs to be 4 bytes aligned */\n memcpy(&bmi, mem, sizeof(bmi)); // [6]\n \n skip = LITTLE_LONG(bmi.biSize); // [7]\n x = LITTLE_LONG(bmi.biWidth);\n y = LITTLE_LONG(bmi.biHeight);\n depth = LITTLE_SHORT(bmi.biBitCount);\n xppm = LITTLE_LONG(bmi.biXPelsPerMeter);\n yppm = LITTLE_LONG(bmi.biYPelsPerMeter);\n \n if (depth <= 8) {\n ibuf_depth = 24;\n }\n else {\n ibuf_depth = depth;\n }\n \n\nOnce the dimensions in the `BMPINFOHEADER` structure have been read, the application will allocate space for the image data at [8]. This will take the `x` and `y` variables and multiply them by the `ibuf_depth`. If the product of all of these variables is larger than 32-bits, then an integer overflow will occur. This will result in an undersized heap-buffer. 
At [9], the application will enter a loop in order to read each row of pixel data from the file. At [10], the application will write to the buffer that was under-allocated resulting in a heap-based buffer overflow.\n \n \n source/blender/imbuf/intern/bmp.c:177\n if (flags & IB_test) {\n \tibuf = IMB_allocImBuf(x, y, ibuf_depth, 0);\n }\n else {\n \tibuf = IMB_allocImBuf(x, y, ibuf_depth, IB_rect); // [8]\n \trect = (unsigned char *) ibuf->rect;\n \n \tif (depth <= 8) {\n \t\tconst int rowsize = (depth * x + 31) / 32 * 4;\n \t\tconst char (*palette)[4] = (void *)(mem + skip);\n \t\tconst int startmask = ((1 << depth) - 1) << 8;\n \t\tfor (i = y; i > 0; i--) { // [9]\n \t\t\tint index;\n \t\t\tint bitoffs = 8;\n \t\t\tint bitmask = startmask;\n \t\t\tint nbytes = 0;\n \t\t\tconst char *pcol;\n \t\t\tif (top_to_bottom) {\n \t\t\t\trect = (unsigned char *) &ibuf->rect[(i - 1) * x];\n \t\t\t}\n \t\t\tfor (j = x; j > 0; j--) {\n \t\t\t\tbitoffs -= depth;\n \t\t\t\tbitmask >>= depth;\n \t\t\t\tindex = (bmp[0] & bitmask) >> bitoffs;\n \t\t\t\tpcol = palette[index];\n \t\t\t\t/* intentionally BGR -> RGB */\n \t\t\t\trect[0] = pcol[2]; // [10]\n \t\t\t\trect[1] = pcol[1];\n \t\t\t\trect[2] = pcol[0];\n \n \t\t\t\trect[3] = 255;\n \t\t\t\trect += 4;\n \t\t\t\tif (bitoffs == 0) {\n \t\t\t\t\t/* Advance to the next byte */\n \t\t\t\t\tbitoffs = 8;\n \t\t\t\t\tbitmask = startmask;\n \t\t\t\t\tnbytes += 1;\n \t\t\t\t\tbmp += 1;\n \t\t\t\t}\n \t\t\t}\n \t\t\t/* Advance to the next row */\n \t\t\tbmp += (rowsize - nbytes);\n \t\t}\n \t}\n \n\n### Crash Information\n \n \n (25a4.253c): Access violation - code c0000005 (first chance)\n First chance exceptions are reported before any exception handling.\n This exception may be expected and handled.\n eax=00000000 ebx=00000000 ecx=0f930036 edx=00000000 esi=0ffc1000 edi=0f930435\n eip=0182521f esp=0081f09c ebp=0081f110 iopl=0 nv up ei pl zr na pe nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246\n 
blender!osl_texture_set_interp_code+0x10ea1f:\n 0182521f 8806 mov byte ptr [esi],al ds:002b:0ffc1000=??\n \n 0:000> ? poi(poi(@ebp-8)+20)\n Evaluate expression: 268173316 = 0ffc0004\n \n\n### Exploit Proof-of-Concept\n\nIncluded with this advisory is a generator for the vulnerability. This proof-of-concept requires python and takes a single-argument which is the filename to write the `.bmp` file to.\n \n \n $ python poc.py $FILENAME.bmp\n \n\nTo trigger the vulnerability, one can simply add it as an asset or they can pass it as an argument to the blender executable.\n \n \n $ /path/to/blender.exe -a $FILENAME.bmp\n \n\n### Mitigation\n\nIn order to mitigate this vulnerability, it is recommended to not use untrusted image files as an asset when using the sequencer.\n\n### Timeline\n\n2017-09-06 - Vendor Disclosure \n2018-01-11 - Public Release\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-11T00:00:00", "type": "talos", "title": "Blender Sequencer imb_bmp_decode Integer Overflow Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2905"], "modified": 
"2018-01-11T00:00:00", "id": "TALOS-2017-0412", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-29T14:46:48", "description": "An exploitable integer overflow exists in the animation playing\nfunctionality of the Blender open-source 3d creation suite version 2.78c. A\nspecially created '.avi' file can cause an integer overflow resulting in a\nbuffer overflow which can allow for code execution under the context of the\napplication. An attacker can convince a user to use the file as an asset in\norder to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-24T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2906", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2906"], "modified": "2018-04-24T00:00:00", "id": "UB:CVE-2017-2906", "href": "https://ubuntu.com/security/CVE-2017-2906", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T14:38:43", "description": "An exploitable integer overflow 
exists in the bmp loading functionality of\nthe Blender open-source 3d creation suite version 2.78c. A specially\ncrafted '.bmp' file can cause an integer overflow resulting in a buffer\noverflow which can allow for code execution under the context of the\napplication. An attacker can convince a user to use the file as an asset\nvia the sequencer in order to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-24T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2905", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2905"], "modified": "2018-04-24T00:00:00", "id": "UB:CVE-2017-2905", "href": "https://ubuntu.com/security/CVE-2017-2905", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-23T18:10:30", "description": "An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. 
A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-24T19:29:00", "type": "debiancve", "title": "CVE-2017-2906", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2906"], "modified": "2018-04-24T19:29:00", "id": "DEBIANCVE:CVE-2017-2906", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2906", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T18:10:30", "description": "An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. 
An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-24T19:29:00", "type": "debiancve", "title": "CVE-2017-2905", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2905"], "modified": "2018-04-24T19:29:00", "id": "DEBIANCVE:CVE-2017-2905", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2905", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-23T14:53:54", "description": "An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. 
An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-24T19:29:00", "type": "cve", "title": "CVE-2017-2906", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2906"], "modified": "2022-06-13T19:07:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:blender:blender:2.78c"], "id": "CVE-2017-2906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2906", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-23T14:53:54", "description": "An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. 
An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-24T19:29:00", "type": "cve", "title": "CVE-2017-2905", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2905"], "modified": "2022-06-13T19:07:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:blender:blender:2.78c"], "id": "CVE-2017-2905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2905", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2022-05-21T01:24:04", "description": "An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. 
A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-20T23:17:07", "type": "redhatcve", "title": "CVE-2017-2908", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2905", "CVE-2017-2908"], "modified": "2022-05-20T23:17:07", "id": "RH:CVE-2017-2908", "href": "https://access.redhat.com/security/cve/cve-2017-2908", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T12:54:22", "description": "Package : blender\nVersion : 2.72.b+dfsg0-3+deb8u1\nCVE ID : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902\n CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906\n CVE-2017-2907 CVE-2017-2908 CVE-2017-2918\n CVE-2017-12081 CVE-2017-12082 CVE-2017-12086\n CVE-2017-12099 CVE-2017-12100 CVE-2017-12101\n CVE-2017-12102 CVE-2017-12103 CVE-2017-12104\n CVE-2017-12105\n\nMultiple 
vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that you upgrade your blender packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-13T11:08:55", "type": "debian", "title": "[SECURITY] [DLA 1465-1] blender security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12081", "CVE-2017-12082", "CVE-2017-12086", "CVE-2017-12099", "CVE-2017-12100", "CVE-2017-12101", "CVE-2017-12102", "CVE-2017-12103", "CVE-2017-12104", "CVE-2017-12105", "CVE-2017-2899", "CVE-2017-2900", "CVE-2017-2901", "CVE-2017-2902", "CVE-2017-2903", "CVE-2017-2904", "CVE-2017-2905", "CVE-2017-2906", "CVE-2017-2907", "CVE-2017-2908", 
"CVE-2017-2918"], "modified": "2018-08-13T11:08:55", "id": "DEBIAN:DLA-1465-1:3FC65", "href": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-03T15:32:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4248-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 17, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : blender\nCVE ID : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902 \n CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906 \n CVE-2017-2907 CVE-2017-2908 CVE-2017-2918 CVE-2017-12081 \n CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 \n CVE-2017-12101 CVE-2017-12102 CVE-2017-12103 CVE-2017-12104 \n CVE-2017-12105\n\nMultiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\t\t\t\t\t\t\t \nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.79.b+dfsg0-1~deb9u1.\n\nWe recommend that you upgrade your blender packages.\n\nFor the detailed security status of blender please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/blender\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-07-17T20:36:50", "type": "debian", "title": "[SECURITY] [DSA 4248-1] blender security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12081", "CVE-2017-12082", "CVE-2017-12086", "CVE-2017-12099", "CVE-2017-12100", "CVE-2017-12101", "CVE-2017-12102", "CVE-2017-12103", "CVE-2017-12104", "CVE-2017-12105", "CVE-2017-2899", 
"CVE-2017-2900", "CVE-2017-2901", "CVE-2017-2902", "CVE-2017-2903", "CVE-2017-2904", "CVE-2017-2905", "CVE-2017-2906", "CVE-2017-2907", "CVE-2017-2908", "CVE-2017-2918"], "modified": "2018-07-17T20:36:50", "id": "DEBIAN:DSA-4248-1:5CA0C", "href": "https://lists.debian.org/debian-security-announce/2018/msg00177.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-04T20:03:10", "description": "Package : blender\nVersion : 2.72.b+dfsg0-3+deb8u1\nCVE ID : CVE-2017-2899 CVE-2017-2900 CVE-2017-2901 CVE-2017-2902\n CVE-2017-2903 CVE-2017-2904 CVE-2017-2905 CVE-2017-2906\n CVE-2017-2907 CVE-2017-2908 CVE-2017-2918\n CVE-2017-12081 CVE-2017-12082 CVE-2017-12086\n CVE-2017-12099 CVE-2017-12100 CVE-2017-12101\n CVE-2017-12102 CVE-2017-12103 CVE-2017-12104\n CVE-2017-12105\n\nMultiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that you upgrade your blender packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-13T11:08:55", "type": "debian", "title": "[SECURITY] [DLA 1465-1] blender security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12081", "CVE-2017-12082", "CVE-2017-12086", "CVE-2017-12099", "CVE-2017-12100", "CVE-2017-12101", "CVE-2017-12102", "CVE-2017-12103", "CVE-2017-12104", "CVE-2017-12105", "CVE-2017-2899", "CVE-2017-2900", "CVE-2017-2901", "CVE-2017-2902", "CVE-2017-2903", "CVE-2017-2904", "CVE-2017-2905", "CVE-2017-2906", "CVE-2017-2907", "CVE-2017-2908", "CVE-2017-2918"], "modified": "2018-08-13T11:08:55", "id": "DEBIAN:DLA-1465-1:9B5F3", "href": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:29:23", "description": "Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/ renderer. 
Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.", "cvss3": {}, "published": "2018-07-18T00:00:00", "type": "nessus", "title": "Debian DSA-4248-1 : blender - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12081", "CVE-2017-12082", "CVE-2017-12086", "CVE-2017-12099", "CVE-2017-12100", "CVE-2017-12101", "CVE-2017-12102", "CVE-2017-12103", "CVE-2017-12104", "CVE-2017-12105", "CVE-2017-2899", "CVE-2017-2900", "CVE-2017-2901", "CVE-2017-2902", "CVE-2017-2903", "CVE-2017-2904", "CVE-2017-2905", "CVE-2017-2906", "CVE-2017-2907", "CVE-2017-2908", "CVE-2017-2918"], "modified": "2019-07-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:blender", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4248.NASL", "href": "https://www.tenable.com/plugins/nessus/111140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4248. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111140);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\", \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\", \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\", \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\", \"CVE-2017-2918\");\n script_xref(name:\"DSA\", value:\"4248\");\n\n script_name(english:\"Debian DSA-4248-1 : blender - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/blender\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/blender\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4248\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the blender packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.79.b+dfsg0-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"blender\", reference:\"2.79.b+dfsg0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"blender-data\", reference:\"2.79.b+dfsg0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"blender-dbg\", reference:\"2.79.b+dfsg0-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:45", "description": "Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/ renderer. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that you upgrade your blender packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-08-15T00:00:00", "type": "nessus", "title": "Debian DLA-1465-1 : blender security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12081", "CVE-2017-12082", "CVE-2017-12086", "CVE-2017-12099", "CVE-2017-12100", "CVE-2017-12101", "CVE-2017-12102", "CVE-2017-12103", "CVE-2017-12104", "CVE-2017-12105", "CVE-2017-2899", "CVE-2017-2900", "CVE-2017-2901", "CVE-2017-2902", "CVE-2017-2903", "CVE-2017-2904", "CVE-2017-2905", "CVE-2017-2906", "CVE-2017-2907", "CVE-2017-2908", "CVE-2017-2918"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:blender", "p-cpe:/a:debian:debian_linux:blender-data", "p-cpe:/a:debian:debian_linux:blender-dbg", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1465.NASL", "href": "https://www.tenable.com/plugins/nessus/111705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1465-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111705);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\", \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\", \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\", \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\", \"CVE-2017-2918\");\n\n script_name(english:\"Debian DLA-1465-1 : blender security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that you upgrade your blender packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/blender\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected blender, blender-data, and blender-dbg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:blender-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"blender\", reference:\"2.72.b+dfsg0-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"blender-data\", reference:\"2.72.b+dfsg0-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"blender-dbg\", reference:\"2.72.b+dfsg0-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-29T20:06:52", "description": "Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.", "cvss3": {}, "published": "2018-08-14T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for blender (DLA-1465-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2901", "CVE-2017-12086", "CVE-2017-2903", "CVE-2017-12105", "CVE-2017-2905", "CVE-2017-12082", "CVE-2017-2907", "CVE-2017-2902", "CVE-2017-12100", "CVE-2017-12104", "CVE-2017-2904", "CVE-2017-12099", "CVE-2017-2900", "CVE-2017-2906", "CVE-2017-2918", "CVE-2017-2899", "CVE-2017-12081", "CVE-2017-2908", "CVE-2017-12103", "CVE-2017-12102", "CVE-2017-12101"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891465", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891465\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\",\n \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\",\n \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\",\n \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\",\n \"CVE-2017-2918\");\n script_name(\"Debian LTS: Security Advisory for blender (DLA-1465-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-08-14 00:00:00 +0200 (Tue, 14 Aug 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"blender on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2.72.b+dfsg0-3+deb8u1.\n\nWe recommend that 
you upgrade your blender packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"blender\", ver:\"2.72.b+dfsg0-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"blender-data\", ver:\"2.72.b+dfsg0-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"blender-dbg\", ver:\"2.72.b+dfsg0-3+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:38", "description": "Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. 
Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.", "cvss3": {}, "published": "2018-07-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4248-1 (blender - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2901", "CVE-2017-12086", "CVE-2017-2903", "CVE-2017-12105", "CVE-2017-2905", "CVE-2017-12082", "CVE-2017-2907", "CVE-2017-2902", "CVE-2017-12100", "CVE-2017-12104", "CVE-2017-2904", "CVE-2017-12099", "CVE-2017-2900", "CVE-2017-2906", "CVE-2017-2918", "CVE-2017-2899", "CVE-2017-12081", "CVE-2017-2908", "CVE-2017-12103", "CVE-2017-12102", "CVE-2017-12101"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704248", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4248-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704248\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-12081\", \"CVE-2017-12082\", \"CVE-2017-12086\", \"CVE-2017-12099\", \"CVE-2017-12100\",\n \"CVE-2017-12101\", \"CVE-2017-12102\", \"CVE-2017-12103\", \"CVE-2017-12104\", \"CVE-2017-12105\",\n \"CVE-2017-2899\", \"CVE-2017-2900\", \"CVE-2017-2901\", \"CVE-2017-2902\", \"CVE-2017-2903\",\n \"CVE-2017-2904\", \"CVE-2017-2905\", \"CVE-2017-2906\", \"CVE-2017-2907\", \"CVE-2017-2908\",\n \"CVE-2017-2918\");\n script_name(\"Debian Security Advisory DSA 4248-1 (blender - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-17 00:00:00 +0200 (Tue, 17 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4248.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"blender on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), 
these problems have been fixed in\nversion 2.79.b+dfsg0-1~deb9u1.\n\nWe recommend that you upgrade your blender packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/blender\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in various parsers of\nBlender, a 3D modeller/ renderer. Malformed .blend model files and\nmalformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may\nresult in the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"blender\", ver:\"2.79.b+dfsg0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"blender-data\", ver:\"2.79.b+dfsg0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"blender-dbg\", ver:\"2.79.b+dfsg0-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-09-25T11:08:18", "description": "Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code (CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908, CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12105). 
These issues are fixed by updating to the latest upstream 2.79b release, which brings many improvements, bug fixes and new features. See the referenced changelog for details. Also, the yafaray package has been updated to the latest version, 3.3.0, to make it work with the new Blender addons path. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-10T14:37:39", "type": "mageia", "title": "Updated blender packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12081", "CVE-2017-12082", "CVE-2017-12086", "CVE-2017-12099", "CVE-2017-12100", "CVE-2017-12101", "CVE-2017-12102", "CVE-2017-12103", "CVE-2017-12104", "CVE-2017-12105", "CVE-2017-2899", "CVE-2017-2900", "CVE-2017-2901", "CVE-2017-2902", "CVE-2017-2903", "CVE-2017-2904", "CVE-2017-2905", "CVE-2017-2906", "CVE-2017-2907", "CVE-2017-2908", "CVE-2017-2918"], "modified": "2018-08-10T14:37:39", "id": "MGASA-2018-0332", "href": "https://advisories.mageia.org/MGASA-2018-0332.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}