CVE-2010-0280

2010-01-1517:30:00

CWE-189

mitre

web.nvd.nist.gov

cve-2010-0280

array index error

jan eric kyprianidis

lib3ds

google sketchup

denial of service

memory corruption

arbitrary code

3ds file

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.

Affected configurations

Nvd

Node

jan_eric_krprianidislib3dsMatch1.0

AND

googlegoogle_sketchupMatch7.0

googlegoogle_sketchupMatch7.0.10247

googlegoogle_sketchupMatch7.1.4871

googlegoogle_sketchupMatch7.1.6087

VendorProductVersionCPE
jan_eric_krprianidislib3ds1.0cpe:2.3:a:jan_eric_krprianidis:lib3ds:1.0:*:*:*:*:*:*:*
googlegoogle_sketchup7.0cpe:2.3:a:google:google_sketchup:7.0:*:*:*:*:*:*:*
googlegoogle_sketchup7.0.10247cpe:2.3:a:google:google_sketchup:7.0.10247:*:*:*:*:*:*:*
googlegoogle_sketchup7.1.4871cpe:2.3:a:google:google_sketchup:7.1.4871:*:*:*:*:*:*:*
googlegoogle_sketchup7.1.6087cpe:2.3:a:google:google_sketchup:7.1.6087:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jan_eric_krprianidis	lib3ds	1.0	cpe:2.3:a:jan_eric_krprianidis:lib3ds:1.0:::::::*
google	google_sketchup	7.0	cpe:2.3:a:google:google_sketchup:7.0:::::::*
google	google_sketchup	7.0.10247	cpe:2.3:a:google:google_sketchup:7.0.10247:::::::*
google	google_sketchup	7.1.4871	cpe:2.3:a:google:google_sketchup:7.1.4871:::::::*
google	google_sketchup	7.1.6087	cpe:2.3:a:google:google_sketchup:7.1.6087:::::::*