Blender Git Commit Log

Git Commits -> Revision 8dbd5ea

January 18, 2018, 18:24 (GMT)
Fix buffer overflow vulnerability in curve, font, particles code.

Solves these security issues from T52924:
CVE-2017-12102
CVE-2017-12103
CVE-2017-12104

While the specific overflow issue may be fixed, loading the repro .blend
files may still crash because they are incomplete and corrupt. The way
they crash may be impossible to exploit, but this is difficult to prove.

Differential Revision: https://developer.blender.org/D3002

Commit Details:

Full Hash: 8dbd5ea4c8af218de60cab4de72624b1bb753363
Parent Commit: 9287434
Lines Changed: +47, -22

7 Modified Paths:

/source/blender/blenkernel/BKE_particle.h (+2, -1) (Diff)
/source/blender/blenkernel/intern/curve.c (+17, -5) (Diff)
/source/blender/blenkernel/intern/font.c (+6, -0) (Diff)
/source/blender/blenkernel/intern/particle.c (+2, -1) (Diff)
/source/blender/blenloader/intern/readfile.c (+7, -1) (Diff)
/source/blender/editors/space_view3d/drawobject.c (+12, -11) (Diff)
/source/blender/makesdna/DNA_curve_types.h (+1, -3) (Diff)
By: Miika HämäläinenLast update: Nov-07-2014 14:18MiikaHweb | 2003-2021