An exploitable integer overflow exists in the way that the Blender
open-source 3D creation suite v2.78c converts text rendered as a font into
a curve. A specially crafted .blend file can cause an integer overflow
that results in a buffer overflow, which can allow code execution in the
context of the application. An attacker can convince a user to open the
file or use the file as a library in order to trigger this vulnerability.
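
The bug class described above, as an added illustration that is not Blender's code and is not taken from the referenced reports: a count read from a file is multiplied by a record size in 32-bit arithmetic, wraps, and yields an undersized buffer, while the checked variant rejects such counts. The `GlyphSlot` struct, the function names and the size cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 16-byte per-character record; NOT Blender's real struct. */
typedef struct { float x, y, rot; int16_t line, index; } GlyphSlot;
_Static_assert(sizeof(GlyphSlot) == 16, "example assumes 16-byte records");

/* Unchecked pattern: the size is computed in 32-bit arithmetic from a
 * count taken from the file, so the product wraps modulo 2^32. */
static uint32_t unchecked_alloc_size(uint32_t count)
{
    return (count + 1u) * (uint32_t)sizeof(GlyphSlot);
}

/* Checked pattern: widen, test for wrap, and enforce a sanity cap.
 * Returns 0 and stores the byte count in *out, or -1 to reject. */
static int checked_alloc_size(uint32_t count, size_t max_bytes, size_t *out)
{
    size_t n;
    if (count == UINT32_MAX)
        return -1;                          /* count + 1 would wrap */
    n = (size_t)count + 1;
    if (n > SIZE_MAX / sizeof(GlyphSlot))
        return -1;                          /* product would wrap */
    if (n * sizeof(GlyphSlot) > max_bytes)
        return -1;                          /* implausible for this field */
    *out = n * sizeof(GlyphSlot);
    return 0;
}

/* Allocate zeroed slots for `count` characters plus a terminator. */
static GlyphSlot *alloc_glyph_slots(uint32_t count, size_t max_bytes)
{
    size_t bytes;
    if (checked_alloc_size(count, max_bytes, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t count = 0x10000000u;           /* constructed sample value */
    printf("unchecked size for %u records: %u bytes\n",
           (unsigned)count, (unsigned)unchecked_alloc_size(count));
    printf("checked allocation: %s\n",
           alloc_glyph_slots(count, 1u << 20) ? "allowed" : "rejected");
    return 0;
}
```

With the unchecked computation, a count of 0x10000000 produces a 16-byte allocation request, so any loop that then writes one record per character runs far past the end of the buffer.
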
git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
launchpad.net/bugs/cve/CVE-2017-12103
nvd.nist.gov/vuln/detail/CVE-2017-12103
security-tracker.debian.org/tracker/CVE-2017-12103
www.cve.org/CVERecord?id=CVE-2017-12103
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455