Description
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
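The size calculation described above can be modelled as follows. This is an added example, not Blender's code: the `block_head` struct, the function names, and the assumption that the allocation size is "header size plus `len`" are all hypothetical, chosen to show why a negative signed length shrinks the allocation and what a loader should check before allocating.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical on-disk block header; field names are illustrative,
 * not Blender's actual structure layout. */
typedef struct {
    int32_t code;
    int32_t len;   /* signed payload length read from the untrusted file */
} block_head;

/* Unchecked pattern: a negative len converts to a huge size_t and the
 * sum wraps, so the result is smaller than the header alone. */
size_t naive_alloc_size(const block_head *h)
{
    return sizeof(block_head) + (size_t)h->len;
}

/* Checked pattern: reject negative lengths, lengths larger than the bytes
 * left in the file, and sums that would wrap. Returns 0 and stores the
 * size in *out on success, -1 on rejection. */
int checked_alloc_size(const block_head *h, size_t bytes_left, size_t *out)
{
    if (h->len < 0)
        return -1;
    size_t len = (size_t)h->len;
    if (len > bytes_left)
        return -1;
    if (len > SIZE_MAX - sizeof(block_head))
        return -1;
    *out = sizeof(block_head) + len;
    return 0;
}

int main(void)
{
    block_head bad = { 0, -4 };   /* constructed sample header */
    size_t sz = 0;
    printf("naive size: %zu (header is %zu bytes)\n",
           naive_alloc_size(&bad), sizeof(block_head));
    printf("checked: %d\n", checked_alloc_size(&bad, 64, &sz));
    return 0;
}
```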
Affected products
- Blender / blenloader 2.40_pre
- Blender / blenloader 2.0 – 2.0
- Blender / blenloader 2.04 – 2.04
- Blender / blenloader 2.25 – 2.25
- Blender / blenloader 2.26 – 2.26
- Blender / blenloader 2.27 – 2.27
- Blender / blenloader 2.28 – 2.28
- Blender / blenloader 2.28a – 2.28a
- Blender / blenloader 2.28c – 2.28c
- Blender / blenloader 2.30 – 2.30
- Blender / blenloader 2.31a – 2.31a
- Blender / blenloader 2.32 – 2.32
- Blender / blenloader 2.33 – 2.33
- Blender / blenloader 2.33a – 2.33a
- Blender / blenloader 2.34 – 2.34
- Blender / blenloader 2.35 – 2.35
- Blender / blenloader 2.37 – 2.37
- Blender / blenloader 2.37a – 2.37a
- Blender / blenloader 2.39 – 2.39
- Blender / blenloader 2.40_alpha – 2.40_alpha
References
- VENDOR_ADVISORY: http://secunia.com/advisories/18178
- MISC: http://www.securityfocus.com/archive/1/419907/100/0/threaded
- VENDOR_ADVISORY: http://secunia.com/advisories/19754
- VENDOR_ADVISORY: http://www.debian.org/security/2006/dsa-1039
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2005/3032
- MISC: http://www.overflow.pl/adv/blenderinteger.txt
- MISC: http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml
- VENDOR_ADVISORY: http://secunia.com/advisories/18176
- MISC: http://www.securityfocus.com/bid/15981
- VENDOR_ADVISORY: https://usn.ubuntu.com/238-2/
- VENDOR_ADVISORY: http://secunia.com/advisories/18452