VYPR
Unrated severity · NVD Advisory · Published Dec 22, 2005 · Updated Apr 16, 2026

CVE-2005-4470

Description

Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
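
The class of error the description names, as an added example that is not Blender's readfile.c: a signed length field from the file feeds an allocation size, and a checked reader rejects it. The `blk_head` layout and all function names are hypothetical, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical block header for illustration; not Blender's real layout. */
typedef struct { char code[4]; int32_t len; } blk_head;

/* Signed sizing: a negative len shrinks the request below the header size. */
size_t naive_alloc_size(int32_t len)
{
    return (size_t)((int64_t)sizeof(blk_head) + len);
}

/* Checked read: heap copy of header+payload, or NULL if the length field
 * is negative or claims more bytes than the input holds. */
blk_head *read_block_checked(const uint8_t *buf, size_t buflen, size_t off)
{
    blk_head h;
    if (off > buflen || buflen - off < sizeof h)
        return NULL;                          /* truncated header */
    memcpy(&h, buf + off, sizeof h);
    if (h.len < 0)
        return NULL;                          /* negative length */
    if ((size_t)h.len > buflen - off - sizeof h)
        return NULL;                          /* payload runs past input */
    blk_head *out = malloc(sizeof h + (size_t)h.len);
    if (out)
        memcpy(out, buf + off, sizeof h + (size_t)h.len);
    return out;
}

/* Constructed sample: header claiming `len` plus `avail` (<= 56) payload bytes. */
int sample_accepted(int32_t len, size_t avail)
{
    uint8_t buf[64] = {0};
    blk_head h = { {'D', 'A', 'T', 'A'}, len };
    memcpy(buf, &h, sizeof h);
    blk_head *b = read_block_checked(buf, sizeof h + avail, 0);
    int ok = (b != NULL);
    free(b);
    return ok;
}

int main(void)
{
    printf("naive size(-4)=%zu accept: %d %d %d\n", naive_alloc_size(-4),
           sample_accepted(16, 16), sample_accepted(-4, 16), sample_accepted(32, 16));
}
```

The checks run before any allocation, so a rejected header never reaches `malloc` or `memcpy`.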

Affected products

  • Blender/Blenloader: 20 versions
    • cpe:2.3:a:blender:blenloader:*:*:*:*:*:*:*:* (range: <=2.40_pre)
    • cpe:2.3:a:blender:blenloader:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.04:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.25:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.26:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.27:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.28:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.28a:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.28c:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.30:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.31a:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.32:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.33:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.33a:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.34:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.35:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.37:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.37a:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.39:*:*:*:*:*:*:*
    • cpe:2.3:a:blender:blenloader:2.40_alpha:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.
