An exploitable integer overflow exists in the IRIS...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Apr 24, 2018
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Jan 27, 2023
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
References