ID CVE-2005-4470
Summary Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:blender:blenloader:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.04:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.28:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.28a:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.28c:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.31a:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.33a:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.34:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.35:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.37:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.37a:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.39:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:2.40_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:blender:blenloader:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 15981
bugtraq 20051220 [Overflow.pl] Blender BlenLoader Integer Overflow
debian DSA-1039
gentoo GLSA-200601-08
misc http://www.overflow.pl/adv/blenderinteger.txt
secunia
  • 18176
  • 18178
  • 18452
  • 19754
ubuntu USN-238-2
vupen ADV-2005-3032
Last major update 19-10-2018 - 15:41
Published 22-12-2005 - 00:03
Last modified 19-10-2018 - 15:41