CVE-2005-4470

Name: CVE-2005-4470
Description: Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1039-1, DTSA-29-1
NVD severity: high (attack range: remote)
Debian Bugs: 344398
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release   Version           Status
blender (PTS)    squeeze   2.49.2~dfsg-2     fixed
                 wheezy    2.63a-1+deb7u1    fixed
                 jessie    2.72.b+dfsg0-3    fixed
                 stretch   2.74+dfsg0-2      fixed
                 sid       2.74+dfsg0-3      fixed

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version    Urgency  Origin      Debian Bugs
blender  source  (unstable)  2.40-1           medium               344398
blender  source  etch        2.37a-1.1etch1   high     DTSA-29-1
blender  source  sarge       2.36-1sarge1     high     DSA-1039-1

Notes

[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
