I've just merged 2.45-5 from Debian unstable, which addresses this.
Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference:
* Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr
function allows user-assisted remote attackers to execute arbitrary
code via a .blend file that contains a crafted Radiance RGBE image.”
Add upstream patch as pointed to by Tomas Hoger <email address hidden>
(thanks!), which basically adds a check on sscanf() return code and
limits the size of accepted %s parameters (Closes: #477808):
- 30_fix_CVE-2008-1102.
I've just merged 2.45-5 from Debian unstable, which addresses this. CVE-2008- 1102.
Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference:
* Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr
function allows user-assisted remote attackers to execute arbitrary
code via a .blend file that contains a crafted Radiance RGBE image.”
Add upstream patch as pointed to by Tomas Hoger <email address hidden>
(thanks!), which basically adds a check on sscanf() return code and
limits the size of accepted %s parameters (Closes: #477808):
- 30_fix_