[CVE-2008-1102] Blender imb_loadhdr() buffer overflow

This has been fixed in Debian, see http://www.debian.org/security/2008/dsa-1567

SUSE-SR:2008:010 also mentions CVE-2008-1103:
»Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."«

CVE-2008-1103 is a separate set of problems and is best tracked in another bug report. I asked in the comments whether bug #6671 was the same problem as CVE-2008-1103 but received no reply. I have just filed bug #227345 to track CVE-2008-1103.

Sorry, I just tend to group CVEs as I find them in various security advisories. It's not always easy to figure out which ones belong together, especially if you try to report a greater amount of accumulated bugs in a limit period of time.

I've just merged 2.45-5 from Debian unstable, which addresses this.
Unfortunately, I've not used "-v" for dpkg-buildpackage, so here's the Debian changelog snippet for reference:
   * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr
     function allows user-assisted remote attackers to execute arbitrary
     code via a .blend file that contains a crafted Radiance RGBE image.”
     Add upstream patch as pointed to by Tomas Hoger <email address hidden>
     (thanks!), which basically adds a check on sscanf() return code and
     limits the size of accepted %s parameters (Closes: #477808):
      - 30_fix_CVE-2008-1102.

Update was released to fix this issue: http://www.ubuntu.com/usn/usn-699-1

This bug was fixed in the package blender - 2.44-2ubuntu2.1

---------------
blender (2.44-2ubuntu2.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr
    function in Blender 2.45 allows user-assisted remote attackers
    to execute arbitrary code via a .blend file that contains a crafted
    Radiance RGBE image (LP: #222592)
    - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow.
    - CVE-2008-1102
  * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in
    Blender 2.46 allows local users to execute arbitrary code via a Trojan
    horse Python file in the current working directory, related to an
    erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501)
    - 01_sanitize_sys.path: Debian patch to no longer load modules from
      current dir. Slightly modified from Debian patch as per recommendation
      from debian patch author.
    - CVE-2008-4863

 -- Stefan Lesicnik <email address hidden> Wed, 21 Jan 2009 10:34:10 +0200

This bug was fixed in the package blender - 2.45-4ubuntu1.1

---------------
blender (2.45-4ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr
    function in Blender 2.45 allows user-assisted remote attackers
    to execute arbitrary code via a .blend file that contains a crafted
    Radiance RGBE image (LP: #222592)
    - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow.
    - CVE-2008-1102
  * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in
    Blender 2.46 allows local users to execute arbitrary code via a Trojan
    horse Python file in the current working directory, related to an
    erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501)
    - 01_sanitize_sys.path: Debian patch to no longer load modules from
      current dir. Slightly modified from Debian patch as per recommendation
      from debian patch author.
    - CVE-2008-4863

 -- Stefan Lesicnik <email address hidden> Wed, 21 Jan 2009 10:01:23 +0200