Strix
26.1K

CVE-2005-4470

UnknownEPSS 5.79%

Last modified

CVE-2005-4470 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.. EPSS estimates a 5.79% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.

Metrics

EPSS Probability
5.79%

92.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
BlenderBlenloader<= 2.40_pre
BlenderBlenloader2.0
BlenderBlenloader2.04
BlenderBlenloader2.25
BlenderBlenloader2.26
BlenderBlenloader2.27
BlenderBlenloader2.28
BlenderBlenloader2.28a
BlenderBlenloader2.28c
BlenderBlenloader2.30
BlenderBlenloader2.31a
BlenderBlenloader2.32
BlenderBlenloader2.33
BlenderBlenloader2.33a
BlenderBlenloader2.34
BlenderBlenloader2.35
BlenderBlenloader2.37
BlenderBlenloader2.37a
BlenderBlenloader2.39
BlenderBlenloader2.40_alpha

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2005-4470?
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
How severe is CVE-2005-4470?
Severity scoring for CVE-2005-4470 is pending analysis. The EPSS model estimates a 5.79% probability of exploitation in the next 30 days.
How do I fix CVE-2005-4470?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-4470?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST