Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200601-08] Blender: Heap-based buffer overflow Vulnerability Scan
Vulnerability Scan Summary
Blender: Heap-based buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200601-08
(Blender: Heap-based buffer overflow)
Damian Put has reported a flaw due to an integer overflow in the
"get_bhead()" function, leading to a heap overflow when processing
malformed ".blend" files.
A remote attacker could entice a user into opening a specially
crafted ".blend" file, resulting in the execution of arbitrary code
with the permissions of the user running Blender.
There is no known workaround at this time.
All Blender users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/blender-2.40"
Threat Level: Medium