First published: Thu Dec 22 2005(Updated: )
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Blender Blenloader | =2.35 | |
Blender Blenloader | =2.31a | |
Blender Blenloader | =2.28a | |
Blender Blenloader | =2.30 | |
Blender Blenloader | =2.32 | |
Blender Blenloader | =2.39 | |
Blender Blenloader | =2.25 | |
Blender Blenloader | =2.28c | |
Blender Blenloader | =2.0 | |
Blender Blenloader | <=2.40_pre | |
Blender Blenloader | =2.37 | |
Blender Blenloader | =2.27 | |
Blender Blenloader | =2.34 | |
Blender Blenloader | =2.33 | |
Blender Blenloader | =2.28 | |
Blender Blenloader | =2.04 | |
Blender Blenloader | =2.33a | |
Blender Blenloader | =2.37a | |
Blender Blenloader | =2.40_alpha | |
Blender Blenloader | =2.26 | |
Blender BlenLoader | <=2.40_pre | |
Blender BlenLoader | =2.0 | |
Blender BlenLoader | =2.04 | |
Blender BlenLoader | =2.25 | |
Blender BlenLoader | =2.26 | |
Blender BlenLoader | =2.27 | |
Blender BlenLoader | =2.28 | |
Blender BlenLoader | =2.28a | |
Blender BlenLoader | =2.28c | |
Blender BlenLoader | =2.30 | |
Blender BlenLoader | =2.31a | |
Blender BlenLoader | =2.32 | |
Blender BlenLoader | =2.33 | |
Blender BlenLoader | =2.33a | |
Blender BlenLoader | =2.34 | |
Blender BlenLoader | =2.35 | |
Blender BlenLoader | =2.37 | |
Blender BlenLoader | =2.37a | |
Blender BlenLoader | =2.39 | |
Blender BlenLoader | =2.40_alpha |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.