Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1102 to the following vulnerability: Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. Refences: http://secunia.com/advisories/29818 http://secunia.com/secunia_research/2008-16/advisory/ http://www.securityfocus.com/bid/28870 http://www.frsirt.com/english/advisories/2008/1308
Upstream fix: svn diff -r14431:14461 https://svn.blender.org/svnroot/bf-blender/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c (define STR_MAX was added in one of the previous commits, that attempted to fix this issue and was not dropped as its usage was)
Unfortunately, I can't create a new blender release, because the maintainer of scons has release a broken version of scons.
blender-2.45-14.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
blender-2.45-14.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3875