CVE-2005-4470
blender - heap-based buffer overflow
EPSS 6.0%
Description
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
How to fix CVE-2005-4470
To remediate CVE-2005-4470, upgrade the affected package to a fixed version below.
- Debian/blender—upgrade to 2.40-1 or later
- Debian/blender—upgrade to 2.37a-1.1etch1 or later
Is CVE-2005-4470 being exploited?
Moderate — EPSS is 6.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.40-1
- from 0, < 2.37a-1.1etch1