On Thu, Dec 22, 2005 at 02:30:46PM +0100, Moritz Muehlenhoff wrote:
> Package: blender
> Version: 2.37a-1.1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> An integer overflow in the header parser for .blend files can potentially
> be exploited to execute code through a heap overflow. Please see 
> http://www.overflow.pl/adv/blenderinteger.txt for details.

There was some uncertainty about how to actually exploit that. That also
leaves me unsure whether
http://projects.blender.org/viewcvs/viewcvs.cgi/blender/source/blender/blenloader/intern/readfile.c.diff?r1=1.219&r2=1.220&cvsroot=bf-blender
is enough of a fix, is it? 

I only understand the basics of heap-based overflows; I do not yet see
how to use this one. Someone explaining it would be very welcome.

Wouter van Heyst

