Hello, the Cisco Talos team found security vulnerabilities impacting Blender customers. As this is a sensitive security issue, this entry is to request a PGP key for further communication. If a key is not received or is unavailable, an unencrypted report will be sent via this report in two business days. Please acknowledge receipt so we can confirm we have the correct forum for reporting security issues.
For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy, please refer to this document, which also links to our public PGP key: http://www.cisco.com/web/about/security/psirt/vendor_vulnerability_policy.html
Please CC firstname.lastname@example.org on all correspondence related to this issue.
Developer note: adding CVEs here so we can keep track of what's fixed.
- Fixed CVE-2017-2901: Blender Sequencer imb_loadiris Integer Overflow Code Execution Vulnerability rB829916f4e57a2d1580ff3b625f6bb909b9144a20
This could crash reading corrupt images when generating thumbnails.