Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-1102

Published: 22/04/2008 Updated: 08/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote malicious users to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.

Vulnerable Product Search on Vulmon Subscribe to Product

blender blender 2.45

Vendor Advisories

Ubuntu Security Notice: blender vulnerabilities
It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images If a user were tricked into opening a blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user’s privileges (CVE-2008-1102) ...
Debian CVElist Bug Report Logs: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file
Debian Bug report logs - #477808 blender: CVE-2008-1102 arbitrary code execution via crafted blend file Package: blender; Maintainer for blender is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for blender is src:blender (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Dat ...
Debian Security Advisories: DSA-1567-1 blender -- buffer overrun
Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously-crafted HDR file is opened, or if a directory containing such a file is browsed via Blender's image-ope ...

References

CWE-119http://secunia.com/secunia_research/2008-16/advisory/http://www.securityfocus.com/bid/28870http://secunia.com/advisories/29818http://www.debian.org/security/2008/dsa-1567https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00225.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-May/msg00237.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200805-12.xmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.htmlhttp://secunia.com/advisories/29957http://secunia.com/advisories/30151http://secunia.com/advisories/30097http://secunia.com/advisories/30272http://www.mandriva.com/security/advisories?name=MDVSA-2008:204http://www.vupen.com/english/advisories/2008/1308/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41917https://usn.ubuntu.com/699-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223CVE-2024-0044information disclosureCVE-2024-35753HTML injectionCVE-2024-21306CVE-2024-35733SQL injectionCVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook