CVE-2008-1102

Related Files

Gentoo Linux Security Advisory 201311-07

Posted Nov 13, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-7 - Multiple vulnerabilities have been found in Blender, the worst of which could allow attackers to execute arbitrary code. Versions less than 2.49b-r2 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-1102, CVE-2008-1103, CVE-2009-3850

SHA-256 | 895983cec8d709bd182528490c8480f44f15829aec91e36fe248418bc732dbc2

Download | Favorite | View

Ubuntu Security Notice 699-1

Posted Dec 30, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.

tags | advisory, arbitrary, local, python

systems | linux, ubuntu

advisories | CVE-2008-1102, CVE-2008-4863

SHA-256 | 5cadcbf1d0c25ea0b4eeaefe61aba2f5aa7ba23cdc4e042bdbe6731fc0bbb9e2

Download | Favorite | View

Mandriva Linux Security Advisory 2008-204

Posted Sep 25, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted.hdr or .blend file were opened. As well, multiple vulnerabilities involving insecure usage of temporary files had also been reported. The updated packages have been patched to prevent these issues.

tags | advisory, arbitrary, vulnerability

systems | linux, mandriva

advisories | CVE-2008-1102, CVE-2008-1103

SHA-256 | 48609fb663e9cc742f93f54881dfaf9d1d8f643be31783d486819229d88c5293

Download | Favorite | View

Gentoo Linux Security Advisory 200805-12

Posted May 12, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-12 - Stefan Cornelius (Secunia Research) reported a boundary error within the imb_loadhdr() function in in the file source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of temporary files have also been reported (CVE-2008-1103). Versions less than 2.43-r2 are affected.

tags | advisory, vulnerability

systems | linux, gentoo

advisories | CVE-2008-1102, CVE-2008-1103

SHA-256 | 7339c4b7695b99e7f31eda25563a078be9b132ace9e2484a5ddb3cc5a085392a

Download | Favorite | View

Debian Linux Security Advisory 1567-1

Posted May 5, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1567-1 - Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application. The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously-crafted HDR file is opened, or if a directory containing such a file is browsed via Blender's image-open dialog.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2008-1102

SHA-256 | 88d67ffe8418948cf8985be3683757bd03808ceb116ff2c99f3c99dea588bcb6

Download | Favorite | View