USN-238-2: Blender vulnerability

6 January 2006

blender vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10

Software Description

Details

Damian Put discovered that Blender did not properly validate a ‘length’ value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
blender

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References