CVE-2005-4470 - Blender BlenLoader File Processing Integer Overflow Vulnerability

Publication

2005-12-22

Last modification

2018-10-19

Summary

Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:P)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Blender Blenloader  2.04 , 2.31A , 2.27 , 2.0 , 2.26 , 2.39 , 2.30 , 2.33 , 2.35 , 2.25 , 2.40Alpha , 2.37 , 2.37A , 2.28A , 2.34 , 2.28 , 2.40Pre , 2.28C , 2.32 , 2.33A