USN-238-2: Blender vulnerability
6 January 2006
Blender vulnerability
Releases
Details
Damian Put discovered that Blender did not properly validate a
'length' value in .blend files. Negative values led to an
insufficiently sized memory allocation. By tricking a user into
opening a specially crafted .blend file, this could be exploited to
execute arbitrary code with the privileges of the Blender user.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.10
-
blender
-
In general, a standard system update will make all the necessary changes.