Red Hat Bugzilla – Bug 443934
CVE-2008-1102 blender: Blender Radiance RGBE Buffer Overflow
Last modified: 2008-07-25 06:15:42 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1102 to the following vulnerability:
Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.
svn diff -r14431:14461
(define STR_MAX was added in one of the previous commits, that attempted to fix
this issue and was not dropped as its usage was)
Unfortunately, I can't create a new blender release, because the maintainer of
scons has release a broken version of scons.
blender-2.45-14.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
blender-2.45-14.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: