Bug 118163 - media-gfx/blender: buffer overflow (CVE-2005-4470)
Bug#: 118163
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: carlo@gentoo.org
Component: Vulnerabilities
Summary: media-gfx/blender: buffer overflow (CVE-2005-4470)
Status Whiteboard: B2 [glsa] DerCorny
Opened: 2006-01-07 05:00 0000

Stumbled upon the Ubuntu advisory, so we're a bit late.
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender
BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a .blend
file with a negative bhead.len value, which causes less memory to be allocated
than expected, possibly due to an integer overflow.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470
the latest blender is available.
arches, pls try to stable 2.40 - thx
Luca marked stable for ppc, removing us from CC
I keep getting
./usr/share/doc/
./usr/share/doc/blender-2.40/
./usr/share/doc/blender-2.40/COPYING.gz
./usr/share/doc/blender-2.40/INSTALL.gz
./usr/share/doc/blender-2.40/README.gz
>>> Done.
!!! CATEGORY info missing from info chunk, aborting...
here, even after deleting the binpkg generated from FEATURES=buildpkg.. maybe
someone else from amd64 can test this? I doubt it is related to blender
hparker confirmed that it works, so amd64 stable
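
The CVE description quoted in the first comment turns on a signed length field, read from the file, being added to the header size before allocation. The following C code is an added example, not code from Blender or from this bug report; the `chunk_head` struct and all function names are hypothetical. It shows the allocation size a negative length produces next to a reader that rejects such input.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical chunk header (not Blender's struct): signed length from the file. */
typedef struct {
    char    code[4];
    int32_t len;
} chunk_head;

/* Size an unchecked "header + len" computation hands to the allocator. */
size_t unchecked_alloc_size(int32_t len) {
    return (size_t)((long long)sizeof(chunk_head) + len);
}

/* Validating reader: returns 0 and a heap copy of header+payload, -1 if malformed. */
int read_chunk(const uint8_t *buf, size_t buflen, chunk_head **out) {
    chunk_head h;
    *out = NULL;
    if (buflen < sizeof h) return -1;                 /* truncated header */
    memcpy(&h, buf, sizeof h);
    if (h.len < 0) return -1;                         /* negative length */
    if ((size_t)h.len > buflen - sizeof h) return -1; /* payload runs past input */
    chunk_head *c = malloc(sizeof h + (size_t)h.len);
    if (c == NULL) return -1;
    memcpy(c, buf, sizeof h + (size_t)h.len);
    *out = c;
    return 0;
}

/* Constructed sample: header with the given len followed by payload_bytes zeros. */
int check_sample(int32_t len, size_t payload_bytes) {
    uint8_t buf[64] = {0};
    chunk_head h = { {'D', 'A', 'T', 'A'}, len };
    chunk_head *c = NULL;
    if (payload_bytes > sizeof buf - sizeof h) return -2;
    memcpy(buf, &h, sizeof h);
    int rc = read_chunk(buf, sizeof h + payload_bytes, &c);
    free(c);
    return rc;
}

int main(void) {
    /* A length of -4 must be rejected; exit status 0 means it was. */
    return check_sample(-4, 0) == -1 ? 0 : 1;
}
```

With `len = -4` the unchecked computation yields a size smaller than the header itself, which is the "less memory allocated than expected" condition in the advisory text.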