source: Blender
date: June 15th, 2006
author: Neil McGovern
vuln-type: heap-based buffer overflow
problem-scope: remote
debian-specifc: no
cve: CVE-2005-4470
testing-fix: 2.37a-1.1etch1
sid-fix: 2.40-1
upgrade: apt-get install blender

A heap-based buffer overflow vulnerability was discovered by Damian Put in
Blender BlenLoader 2.0 through 2.40pre which allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary code via a
.blend file with a negative bhead.len value, which causes less memory to be
allocated than expected, possibly due to an integer overflow.

Please note, this issue has already been fixed in stable in security
announcement DSA-1039-1