CVE-2008-1102Improper Restriction of Operations within the Bounds of a Memory Buffer in Blender

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
5.4%
top 9.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
BlenderDebian Blender
Timeline
PublishedApr 22
Latest updateMay 1

Description

Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

debiandebian/blender< blender 2.45-5 (bookworm)
Debianblender/blender< 2.45-5+2
NVDblender/blender2.45

🔴Vulnerability Details

2
GHSA
GHSA-35pm-rxh5-93qj: Stack-based buffer overflow in the imb_loadhdr function in Blender 22022-05-01
OSV
CVE-2008-1102: Stack-based buffer overflow in the imb_loadhdr function in Blender 22008-04-22

📋Vendor Advisories

3
Ubuntu
Blender vulnerabilities2008-12-22
Red Hat
blender: Blender Radiance RGBE Buffer Overflow2008-04-17
Debian
CVE-2008-1102: blender - Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows u...2008

💬Community

1
Bugzilla
CVE-2008-1102 blender: Blender Radiance RGBE Buffer Overflow2008-04-24
CVE-2008-1102 — Debian Blender vulnerability | cvebase