|
|
>> Blender "get_bhead()" Integer Overflow and "bvh_import.py" Vulnerabilities
|
Title : Blender "get_bhead()" Integer Overflow and "bvh_import.py" Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-3032
CVE ID : CVE-2005-3302 - CVE-2005-4470
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-21
|
Two vulnerabilities have been identified in Blender, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service.
The first flaw is due to an integer overflow error in the "get_bhead()" [readfile.c] function when processing malformed ".blend" files, which could be exploited by remote attackers to compromise an affected system by convincing a user to open a specially crafted "blend" file.
The second flaw is due to an input validation error in the "bvh_import.py" script that does not properly validate ".bvh" files before being passed to an "eval()" call, which could be exploited by attackers to execute arbitrary python code by convincing a user to import a malicious file.
Affected Products
Blender version 2.40pre and prior
Blender version 2.36 and prior
Solution
Upgrade to Blender version 2.41 :
http://www.blender3d.org/cms/Blender.31.0.html
References
http://www.vupen.com/english/advisories/2005/3032
http://www.frsirt.com/english/reference/3112
Credits
Vulnerabilities reported by Damian Put and Joxean Koret
ChangeLog
2005-12-21 : Initial release
2006-01-25 : Updated Solution
2006-04-24 : Additional vulnerability
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
