Upstream information

CVE-2010-0280 at MITRE

Description

Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.3
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 12
  • lib3ds-1-3 >= 1.3.0-25.5
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA lib3ds-1-3
SUSE Linux Enterprise Software Development Kit 12 SP1
  • lib3ds-1-3 >= 1.3.0-25.5
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA lib3ds-1-3
SUSE Linux Enterprise Software Development Kit 12 SP2
  • lib3ds-1-3 >= 1.3.0-25.5
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA lib3ds-1-3
SUSE Linux Enterprise Software Development Kit 12 SP3
  • lib3ds-1-3 >= 1.3.0-25.5
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA lib3ds-1-3
openSUSE Tumbleweed
  • lib3ds-1-3 >= 1.3.0-29.3
  • lib3ds-devel >= 1.3.0-29.3
Patchnames:
openSUSE Tumbleweed GA lib3ds-1-3