CVE-2010-0280

Published Jan 15, 2010

Last updated 6 years ago

CVSS info 9.3

Overview

Description: Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jan_eric_krprianidis:lib3ds:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31DFFE18-61E1-4B0B-BE76-630A6E3F04C0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:google_sketchup:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1654DC5-3E08-4F09-BF95-D5ADDAC7EEB6"
          },
          {
            "criteria": "cpe:2.3:a:google:google_sketchup:7.0.10247:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51465673-7CA9-4F00-BFE6-3313020B5208"
          },
          {
            "criteria": "cpe:2.3:a:google:google_sketchup:7.1.4871:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C5C3005-EE4F-4D9E-9FFB-2146874CAAE6"
          },
          {
            "criteria": "cpe:2.3:a:google:google_sketchup:7.1.6087:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7254B40E-67A4-4A8B-B22A-B8DB99662BBD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References