7.5

CVE-2005-4470

Exploit
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BlenderBlenloader Version <= 2.40_pre
BlenderBlenloader Version2.0
BlenderBlenloader Version2.04
BlenderBlenloader Version2.25
BlenderBlenloader Version2.26
BlenderBlenloader Version2.27
BlenderBlenloader Version2.28
BlenderBlenloader Version2.28a
BlenderBlenloader Version2.28c
BlenderBlenloader Version2.30
BlenderBlenloader Version2.31a
BlenderBlenloader Version2.32
BlenderBlenloader Version2.33
BlenderBlenloader Version2.33a
BlenderBlenloader Version2.34
BlenderBlenloader Version2.35
BlenderBlenloader Version2.37
BlenderBlenloader Version2.37a
BlenderBlenloader Version2.39
BlenderBlenloader Version2.40_alpha
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.79% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/19754
http://www.debian.org/security/2006/dsa-1039
http://secunia.com/advisories/18176
Vendor Advisory
http://secunia.com/advisories/18178
http://secunia.com/advisories/18452
http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml
http://www.overflow.pl/adv/blenderinteger.txt
Exploit
http://www.securityfocus.com/archive/1/419907/100/0/threaded
http://www.securityfocus.com/bid/15981
Exploit
http://www.vupen.com/english/advisories/2005/3032
https://usn.ubuntu.com/238-2/