You're blocking ads, which pay for BlenderNation. Read about other ways to support us.

Secunia issues Blender security warning

0

Secunia.com issued the following security advisory yesterday:

Blender "get_bhead()" Integer Overflow Vulnerability

Damian Put has reported a vulnerability in Blender, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow in "get_bhead()" in "readfile.c" when parsing ".blend" files. This can be exploited to cause a heap based buffer overflow by tricking a user into opening a specially crafted ".blend" file.

This vulnerability has been fixed in 2.40 so if you haven't already, upgrade now. If you ask me, embedded Python scripts are a much bigger risk so it's always a good idea to check the source of a .blend file before you open one.

You can read the full advisory here.

About Author

Bart Veldhuizen

I have a LONG history with Blender - I wrote some of the earliest Blender tutorials, worked for Not a Number and helped run the crowdfunding campaign that open sourced Blender (the first one on the internet!). I founded BlenderNation in 2006 and have been editing it every single day since then ;-) I also run the Blender Artists forum and I'm Head of Community at Sketchfab.

Leave A Reply

To add a profile picture to your message, register your email address with Gravatar.com. To protect your email address, create an account on BlenderNation and log in when posting a message.