GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Fri Jan 13, 2006 7:26 am Post subject: [ GLSA 200601-08 ] Blender: Heap-based buffer overflow
Gentoo Linux Security Advisory
Title: Blender: Heap-based buffer overflow (GLSA 200601-08)
Severity: normal
Exploitable: remote
Date: January 13, 2006
Bug(s): #118163
ID: 200601-08
Synopsis
Blender is vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.
Background
Blender is open source software for 3D modeling, animation, rendering, post-production, interactive creation and playback.
Affected Packages
Package: media-gfx/blender
Vulnerable: < 2.40
Unaffected: >= 2.40
Architectures: All supported architectures
Description
Damian Put has reported a flaw due to an integer overflow in the "get_bhead()" function, leading to a heap overflow when processing malformed ".blend" files.
Impact
A remote attacker could entice a user into opening a specially crafted ".blend" file, resulting in the execution of arbitrary code with the permissions of the user running Blender.
Workaround
There is no known workaround at this time.
Resolution
All Blender users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/blender-2.40"
References
CVE-2005-4470
Last edited by GLSA on Sun May 07, 2006 5:00 pm; edited 1 time in total
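The class of flaw named in the Description (an integer overflow in a size computation that leaves a heap buffer too small), shown here as an added example that is not code from the advisory or from Blender. The header layout, the function names and the 16-byte input are constructed for illustration and are assumptions, not Blender's file format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical block header for illustration; not Blender's real file layout. */
struct blk_hdr { char code[4]; int32_t len; /* payload length, read from the file */ };

/* Unchecked pattern: 32-bit size arithmetic on a file-supplied length. A negative
   len wraps, so the allocation request is smaller than the data copied into it. */
uint32_t size_unchecked(int32_t len) { return (uint32_t)sizeof(struct blk_hdr) + (uint32_t)len; }

/* Checked pattern: validate len against the bytes actually left in the input
   before any size arithmetic. Returns a heap copy of the block, or NULL. */
void *read_block(const unsigned char *buf, size_t n, size_t *total)
{
    struct blk_hdr h;
    void *p;
    if (n < sizeof h) return NULL;
    memcpy(&h, buf, sizeof h);
    if (h.len < 0 || (size_t)h.len > n - sizeof h) return NULL;
    *total = sizeof h + (size_t)h.len;   /* len is within the input: cannot wrap */
    p = malloc(*total);
    return p ? memcpy(p, buf, *total) : NULL;
}

/* Constructed 16-byte input (header + 8 payload bytes); returns accepted size or 0. */
size_t parse_constructed(int32_t len)
{
    unsigned char buf[16] = {0};
    struct blk_hdr h = { {'T', 'E', 'S', 'T'}, len };
    size_t total = 0;
    void *p;
    memcpy(buf, &h, sizeof h);
    p = read_block(buf, sizeof buf, &total);
    total = p ? total : 0;
    free(p);
    return total;
}

int main(void)
{
    printf("unchecked(-4)=%u checked: 8->%zu -4->%zu 100->%zu\n", (unsigned)size_unchecked(-4),
           parse_constructed(8), parse_constructed(-4), parse_constructed(100));
    return 0;
}
```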