CVE-2005-4470

Published: 22/12/2005 Updated: 19/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 up to and including 2.40pre allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.

Vulnerable Product

blender blenloader 2.27

blender blenloader 2.28

blender blenloader 2.28a

blender blenloader 2.34

blender blenloader 2.35

blender blenloader 2.25

blender blenloader 2.26

blender blenloader 2.33

blender blenloader 2.33a

blender blenloader

blender blenloader 2.0

blender blenloader 2.04

blender blenloader 2.31a

blender blenloader 2.32

blender blenloader 2.39

blender blenloader 2.40_alpha

blender blenloader 2.28c

blender blenloader 2.30

blender blenloader 2.37

blender blenloader 2.37a

Vendor Advisories

Debian Bug report logs - #344398: CVE-2005-4470: Integer overhead in header parser for blend import. Package: blender; Maintainer for blender is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for blender is src:blender. Reported by: Moritz Muehlenhoff <jmm@inutil.org> D ...
Damian Put discovered that Blender did not properly validate a ‘length’ value in blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user ...