Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-4470

Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.

Published

2005-12-22T00:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	blender	blenloader	≤ 2.40_pre	Yes
Application	blender	blenloader	2.0	Yes
Application	blender	blenloader	2.04	Yes
Application	blender	blenloader	2.25	Yes
Application	blender	blenloader	2.26	Yes
Application	blender	blenloader	2.27	Yes
Application	blender	blenloader	2.28	Yes
Application	blender	blenloader	2.28a	Yes
Application	blender	blenloader	2.28c	Yes
Application	blender	blenloader	2.30	Yes
Application	blender	blenloader	2.31a	Yes
Application	blender	blenloader	2.32	Yes
Application	blender	blenloader	2.33	Yes
Application	blender	blenloader	2.33a	Yes
Application	blender	blenloader	2.34	Yes
Application	blender	blenloader	2.35	Yes
Application	blender	blenloader	2.37	Yes
Application	blender	blenloader	2.37a	Yes
Application	blender	blenloader	2.39	Yes
Application	blender	blenloader	2.40_alpha	Yes

References

http://secunia.com/advisories/18176 Vendor Advisory ([email protected])
http://secunia.com/advisories/18178 ([email protected])
http://secunia.com/advisories/18452 ([email protected])
http://secunia.com/advisories/19754 ([email protected])
http://www.debian.org/security/2006/dsa-1039 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml ([email protected])
http://www.overflow.pl/adv/blenderinteger.txt Exploit ([email protected])
http://www.securityfocus.com/archive/1/419907/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/15981 Exploit ([email protected])
http://www.vupen.com/english/advisories/2005/3032 ([email protected])
https://usn.ubuntu.com/238-2/ ([email protected])
http://secunia.com/advisories/18176 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18178 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18452 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19754 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1039 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.overflow.pl/adv/blenderinteger.txt Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/419907/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/15981 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2005/3032 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/238-2/ (af854a3a-2127-422b-91ae-364da2661108)