Damian Put discovered that Blender did not properly validate a ‘length’ value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.
The problem can be corrected by updating your system to the following package versions:
6 January 2006
A security issue affects these releases of Ubuntu and its derivatives:
Damian Put discovered that Blender did not properly validate a ‘length’ value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon