Vulnerability CVE-2010-0280

Vulnerability Name:

CVE-2010-0280 (CCN-55637)

Assigned:

2010-01-14

Published:

2010-01-14

Updated:

2018-10-10

Summary:

Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-0280

Source: CCN
Type: SA38185
lib3ds "face_array_read()" Memory Corruption Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38185

Source: CCN
Type: SA38187
Google SketchUp 3DS and SKP Processing Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
38187

Source: CCN
Type: Google Sketchup Web site
Google SketchUp 7.1 - Maintenance 2

Source: CONFIRM
Type: UNKNOWN
http://sketchup.google.com/support/bin/answer.py?hl=en&answer=141303

Source: CCN
Type: CORE-2009-1209
Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

Source: MISC
Type: Exploit
http://www.coresecurity.com/content/google-sketchup-vulnerability

Source: CCN
Type: lib3ds Web site
lib3ds

Source: CCN
Type: OSVDB ID: 61685
lib3ds lib3ds/mesh.c face_array_read() Function 3DS File Handling Memory Corruption

Source: BUGTRAQ
Type: UNKNOWN
20100113 [CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

Source: BID
Type: Exploit
37708

Source: CCN
Type: BID-37708
Google SketchUp 3DS File Remote Memory Corruption Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2010-0133

Source: XF
Type: UNKNOWN
sketchup-lib3ds-3ds-code-execution(55637)

Vulnerable Configuration:

Configuration 1:

cpe:/a:jan_eric_krprianidis:lib3ds:1.0:*:*:*:*:*:*:*

AND

cpe:/a:google:google_sketchup:7.0:*:*:*:*:*:*:*

OR cpe:/a:google:google_sketchup:7.0.10247:*:*:*:*:*:*:*

OR cpe:/a:google:google_sketchup:7.1.4871:*:*:*:*:*:*:*

OR cpe:/a:google:google_sketchup:7.1.6087:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20100280	V	CVE-2010-0280	2022-09-02
oval:org.opensuse.security:def:112546	P	lib3ds-1-3-1.3.0-29.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10439	P	Security update for SDL2 (Important) (in QA)	2022-01-12
oval:org.opensuse.security:def:10426	P	Security update for apache2 (Important) (in QA)	2022-01-10
oval:org.opensuse.security:def:9480	P	Security update for libvirt (Important)	2022-01-05
oval:org.opensuse.security:def:10671	P	Security update for gegl (Important)	2021-12-31
oval:org.opensuse.security:def:9126	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9835	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:9432	P	Security update for the Linux Kernel (Important)	2021-12-07
oval:org.opensuse.security:def:9618	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:9417	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:9413	P	Security update for busybox (Important)	2021-10-27
oval:org.opensuse.security:def:9801	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:106035	P	Security update for grilo (Important)	2021-10-06
oval:org.opensuse.security:def:9596	P	Security update for curl (Moderate)	2021-10-06
oval:org.opensuse.security:def:9404	P	Security update for grilo (Important)	2021-10-06
oval:org.opensuse.security:def:10345	P	Security update for grilo (Important)	2021-10-06
oval:org.opensuse.security:def:9788	P	Security update for openssl-1_1 (Low)	2021-09-07
oval:org.opensuse.security:def:10693	P	Security update for ntfs-3g_ntfsprogs (Important)	2021-09-07
oval:org.opensuse.security:def:9398	P	Security update for openssl-1_1 (Low)	2021-09-07
oval:org.opensuse.security:def:9395	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:9583	P	Security update for dovecot23 (Moderate)	2021-08-31
oval:org.opensuse.security:def:9779	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:9574	P	Security update for djvulibre (Important)	2021-08-20
oval:org.opensuse.security:def:10127	P	Security update for cpio (Important)	2021-08-16
oval:org.opensuse.security:def:9556	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:9742	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10291	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:10108	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:9737	P	Security update for dovecot23 (Important)	2021-06-22
oval:org.opensuse.security:def:9353	P	Security update for dovecot23 (Important)	2021-06-22
oval:org.opensuse.security:def:9351	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:9532	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-17
oval:org.opensuse.security:def:11228	P	Security update for htmldoc (Important)	2021-06-17
oval:org.opensuse.security:def:10277	P	Security update for spice-gtk (Moderate)	2021-06-10
oval:org.opensuse.security:def:10278	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9720	P	Security update for pam_radius (Moderate)	2021-06-08
oval:org.opensuse.security:def:15768	P	lib3ds-1-3-1.3.0-25.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10093	P	Security update for pam_radius (Moderate)	2021-06-08
oval:org.opensuse.security:def:15973	P	lib3ds-1-3-1.3.0-25.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16206	P	lib3ds-1-3-1.3.0-25.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124470	P	lib3ds-1-3-1.3.0-25.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15589	P	lib3ds-1-3-1.3.0-25.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16464	P	lib3ds-1-3-1.3.0-25.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10269	P	Security update for libwebp (Critical)	2021-06-04
oval:org.opensuse.security:def:9712	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:9328	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:9510	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:10077	P	Security update for the Linux Kernel (Important)	2021-05-12
oval:org.opensuse.security:def:10256	P	Security update for shim (Important)	2021-05-11
oval:org.opensuse.security:def:9305	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:9488	P	Security update for open-iscsi (Important)	2021-04-13
oval:org.opensuse.security:def:10055	P	Security update for fwupdate (Important)	2021-04-08
oval:org.opensuse.security:def:10234	P	Security update for OpenIPMI (Moderate)	2021-04-01
oval:org.opensuse.security:def:9869	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:10227	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:9104	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:10407	P	Security update for kernel-firmware (Important)	2021-03-03
oval:org.opensuse.security:def:9096	P	Security update for MozillaFirefox (Important)	2021-03-02
oval:org.opensuse.security:def:9850	P	Security update for java-1_8_0-openjdk (Moderate)	2021-03-01
oval:org.opensuse.security:def:10202	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:10392	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:9637	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:9603	P	Security update for java-11-openjdk (Important)	2021-02-09
oval:org.opensuse.security:def:10299	P	Security update for go1.15 (Moderate)	2021-01-28
oval:org.opensuse.security:def:9507	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:9283	P	Security update for flac (Moderate)	2020-12-24
oval:org.opensuse.security:def:10033	P	Security update for openssh (Moderate)	2020-12-18
oval:org.opensuse.security:def:9275	P	Security update for openssl-1_1 (Important)	2020-12-09
oval:org.opensuse.security:def:16764	P	lib3ds-1-3-1.3.0-25.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3928	P	lib3ds-1-3-1.3.0-25.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:10000	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:11250	P	lib3ds-1-3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10929	P	glibc-devel-static on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10526	P	libotr-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10461	P	lib3ds-1-3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9219	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10011	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9978	P	python-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10020	P	xlockmore on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10501	P	libgssglue-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10568	P	libzmq3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9172	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9969	P	pigz on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9970	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9253	P	sblim-sfcb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10590	P	python-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10046	P	cups-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10951	P	lib3ds-1-3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9944	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9234	P	python-imaging on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10577	P	ocaml on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20100280000	V	CVE-2010-0280 on Ubuntu 12.04 LTS (precise) - medium.	2010-01-15
oval:com.ubuntu.xenial:def:201002800000000	V	CVE-2010-0280 on Ubuntu 16.04 LTS (xenial) - medium.	2010-01-15
oval:com.ubuntu.trusty:def:20100280000	V	CVE-2010-0280 on Ubuntu 14.04 LTS (trusty) - medium.	2010-01-15
oval:com.ubuntu.xenial:def:20100280000	V	CVE-2010-0280 on Ubuntu 16.04 LTS (xenial) - medium.	2010-01-15

BACK