[Pkg-blender-maintainers] Bug#332413: CAN-2005-3151: Bufferoverflow
in blenderplayer arg parsing
Moritz Muehlenhoff
jmm at inutil.org
Tue Sep 12 01:24:31 CEST 2006
Moritz Muehlenhoff wrote:
> Package: blender
> Version: 2.37a-1
> Severity: normal
> Tags: security
>
> A buffer overflow has been found in the args parsing of blenderplayer.
> This is a minor security problem, as it would need to trick someone
> into playing a file with really quite noticably manipulated file names,
> but has been assigned CAN-2005-3151 by MITRE anyway. A demo exploit
> is available at http://www.securiteam.com/exploits/5BP0T2KGVA.html
Dear Blender maintainers,
is this resolved in current Blender releases? It's only exploitable
in rare corner cases, but still it would be nice to have it fixed in
Etch.
Cheers,
Moritz
More information about the Pkg-blender-maintainers
mailing list