CVE-2005-4470

NameCVE-2005-4470
DescriptionHeap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1039-1, DTSA-29-1
Debian Bugs344398

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
blender (PTS)bullseye (security), bullseye2.83.5+dfsg-5+deb11u1fixed
bookworm3.4.1+dfsg-2fixed
forky, sid, trixie4.3.2+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
blendersourcesarge2.36-1sarge1DSA-1039-1
blendersourceetch2.37a-1.1etch1DTSA-29-1
blendersource(unstable)2.40-1medium344398

Notes

[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
Search for package or bug name: Reporting problems