Secunia issues Blender security warning

Secunia.com issued the following security advisory yesterday:

Blender "get_bhead()" Integer Overflow Vulnerability

Damian Put has reported a vulnerability in Blender, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow in "get_bhead()" in "readfile.c" when parsing ".blend" files. This can be exploited to cause a heap based buffer overflow by tricking a user into opening a specially crafted ".blend" file.

This vulnerability has been fixed in 2.40, so if you haven't already, upgrade now. If you ask me, embedded Python scripts are a much bigger risk, so it's always a good idea to check the source of a .blend file before you open one.

You can read the full advisory here.
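The bug class the advisory names, as an added example that is not from the original post and not Blender's "readfile.c": a file block header whose length field is added to the header size before allocating, next to a checked reader. The `BlockHead` layout, the function names and the sample bytes are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical on-disk block header (NOT Blender's real struct):
   a 4-byte tag followed by a signed 32-bit payload length. */
typedef struct { char code[4]; int32_t len; } BlockHead;

/* Unchecked pattern: header size plus a length taken straight from the
   file, in 32-bit arithmetic. A negative or huge len wraps the sum, so
   the allocation ends up smaller than the data later copied into it. */
uint32_t unchecked_alloc_size(int32_t len) {
    return (uint32_t)sizeof(BlockHead) + (uint32_t)len;
}

/* Checked pattern: reject negative lengths and lengths larger than the
   bytes actually left in the file. With 0 <= len <= INT32_MAX the sum
   cannot wrap size_t. Returns 0 and sets *out, or -1 to reject. */
int checked_alloc_size(int32_t len, size_t remaining, size_t *out) {
    if (len < 0) return -1;
    if ((size_t)len > remaining) return -1;
    *out = sizeof(BlockHead) + (size_t)len;
    return 0;
}

/* Parse one block from buf[0..buflen). Returns a heap copy of header plus
   payload (caller frees), or NULL if the header is short or inconsistent. */
unsigned char *read_block(const unsigned char *buf, size_t buflen, size_t *total) {
    BlockHead h;
    if (buflen < sizeof h) return NULL;
    memcpy(&h, buf, sizeof h);          /* host byte order, for simplicity */
    if (checked_alloc_size(h.len, buflen - sizeof h, total) != 0) return NULL;
    unsigned char *p = malloc(*total);
    if (p) memcpy(p, buf, *total);
    return p;
}

int main(void) {
    unsigned char file[24] = {'D', 'A', 'T', 'A'};  /* constructed sample */
    int32_t bad = -4;
    size_t total = 0;
    memcpy(file + 4, &bad, sizeof bad);
    printf("unchecked size for len=-4: %u\n", (unsigned)unchecked_alloc_size(bad));
    printf("checked reader: %s\n",
           read_block(file, sizeof file, &total) ? "accepted" : "rejected");
    return 0;
}
```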


