Vulnerability Details : CVE-2005-4470
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2005-4470
- cpe:2.3:a:blender:blenloader:*:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.27:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.28:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.28a:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.34:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.35:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.25:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.26:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.33:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.33a:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.04:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.31a:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.39:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.40_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.28c:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.37:*:*:*:*:*:*:*
- cpe:2.3:a:blender:blenloader:2.37a:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4470
3.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4470
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-4470
-
http://www.vupen.com/english/advisories/2005/3032
Site en construction
-
http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml
Blender: Heap-based buffer overflow (GLSA 200601-08) — Gentoo security
-
https://usn.ubuntu.com/238-2/
404: Page not found | Ubuntu
-
http://www.debian.org/security/2006/dsa-1039
[SECURITY] [DSA 1039-1] New blender packages fix several vulnerabilities
-
http://www.securityfocus.com/archive/1/419907/100/0/threaded
-
http://www.securityfocus.com/bid/15981
Exploit
-
http://www.overflow.pl/adv/blenderinteger.txt
404 Not FoundExploit
Jump to