FlexeraCVE-2008-1102

HistoryApr 22, 2008 - 4:41 a.m.

CVE-2008-1102

2008-04-2204:41:00

CWE-119

flexera

web.nvd.nist.gov

blender

2.45

stack-based buffer overflow

cve-2008-1102

imb_loadhdr

remote code execution

radiance rgbe image

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.291

Percentile

96.9%

JSON

Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.

Affected configurations

Nvd

Node

blenderblenderMatch2.45

VendorProductVersionCPE
blenderblender2.45cpe:2.3:a:blender:blender:2.45:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blender	blender	2.45	cpe:2.3:a:blender:blender:2.45:::::::*

References

lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html

secunia.com/advisories/29818

secunia.com/advisories/29957

secunia.com/advisories/30097

secunia.com/advisories/30151

secunia.com/advisories/30272

secunia.com/secunia_research/2008-16/advisory/

www.debian.org/security/2008/dsa-1567

www.gentoo.org/security/en/glsa/glsa-200805-12.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:204

www.securityfocus.com/bid/28870

www.vupen.com/english/advisories/2008/1308/references

exchange.xforce.ibmcloud.com/vulnerabilities/41917

www.redhat.com/archives/fedora-package-announce/2008-May/msg00225.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00237.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.291

Percentile

96.9%

JSON

Related for CVE-2008-1102