Comment 13 for bug 222592

Secunia Research has discovered a vulnerability in Blender, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "imb_loadhdr()" function in source/blender/imbuf/intern/radiance_hdr.c, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Blender (*.blend) file containing a malicious Radiance RGBE image.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.45. Other versions may also be affected.

Solution:
Fixed in the SVN repository.