Bug#477808: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file
Package: blender Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for blender. CVE-2008-1102[0]: | Stack-based buffer overflow in the imb_loadhdr function in Blender | 2.45 allows user-assisted remote attackers to execute arbitrary code | via a .blend file that contains a crafted Radiance RGBE image. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102 http://security-tracker.debian.net/tracker/CVE-2008-1102 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpf2VQH0zAOt.pgp Description: PGP signature
Bug#477808: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file
Hi! Upstream patch: svn diff -r14431:14461 https://svn.blender.org/svnroot/bf-blender/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c http://cvs.fedoraproject.org/viewcvs/rpms/blender/devel/blender-2.45-cve-2008-1102.patch HTH -- Tomas Hoger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#477808: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file
tag 477808 pending thanks On 25/04/2008, Tomas Hoger wrote: Hi! Hi, Upstream patch: […] HTH sure, many thanks! Mraw, KiBi. pgpK2znniC8WS.pgp Description: PGP signature