It looks like you're using an ad blocker! I really need the income to keep this site running.
If you enjoy BlenderNation and you think it’s a valuable resource to the Blender community, please take a moment to read how you can support BlenderNation.

Blender Vulnerabilities: Fixes

3

After the recent security report by Cisco about integer overflow vulnerabilites in Blender, the Blender developers started working on the issues. Here's a report on the fixes.

Ton Roosendaal writes:

In the past 4 days Brecht Van Lommel has provided fixes for the vulnerabilities reported by Cisco in Blender.
The fixes were reviewed by the other core team members, especially by Campbell Barton and Sergey Sharybin.

The 30+ commits with the fixes start with this log. Here is the link to all commit logs of this month, just scroll down to end.

In short; what's fixed is the vulnerability for integer overflows based on settings saved in .blend files, and vulnerabilities in our code for reading image files.

Please note it doesn't mean Blender is anything like "safe" now. It remains important to only open Blender files from trusted sources. We still think that real and sensible security (if you want .blend files safe to be spread anonymously) is a project with a magnitude that's outside of the scope of what we can handle. For that we welcome contributions from the industry!

A Blender 2.79a release is expected this month.

About Author

Bart Veldhuizen

I have a LONG history with Blender - I wrote some of the earliest Blender tutorials, worked for Not a Number and helped run the crowdfunding campaign that open sourced Blender (the first one on the internet!). I founded BlenderNation in 2006 and have been editing it every single day since then ;-) I also run the Blender Artists forum and I'm Head of Community at Sketchfab.

3 Comments

  1. 79a it is then.

    I don't understand how the vulnerability works, but i hope it doesn't reduce performance by a large ammount

Leave A Reply

To add a profile picture to your message, register your email address with Gravatar.com. To protect your email address, create an account on BlenderNation and log in when posting a message.