You're blocking ads, which pay for BlenderNation. Read about other ways to support us.

Secunia issues Blender security warning

By Bart on January 7, 2006 Development

Secunia.com issued the following security advisory yesterday:

Blender "get_bhead()" Integer Overflow Vulnerability
Damian Put has reported a vulnerability in Blender, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.
The vulnerability is caused due to an integer overflow in "get_bhead()" in "readfile.c" when parsing ".blend" files. This can be exploited to cause a heap based buffer overflow by tricking a user into opening a specially crafted ".blend" file.

This vulnerability has been fixed in 2.40 so if you haven't already, upgrade now. If you ask me, embedded Python scripts are a much bigger risk so it's always a good idea to check the source of a .blend file before you open one.

You can read the full advisory here.

About the Author

Bart Veldhuizen

I have a LONG history with Blender - I wrote some of the earliest Blender tutorials, worked for Not a Number and helped run the crowdfunding campaign that open sourced Blender (the first one on the internet!). I founded BlenderNation in 2006 and have been editing it every single day since then ;-) I also run the Blender Artists forum and I'm Head of Community at Sketchfab.

Advertisement

Secunia issues Blender security warning

About the Author

Leave A Reply Cancel Reply

Advertisement

Relative Keyframe support - Motion Presets April 2024 update [$]

UVPackmaster 3 new release - Pack Strategy option and more [$]

Blender Developers Meeting Notes: 22 April 2024

Extreme Addons Birthday Bash: Save 35% Now [$]