Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.

The remote host is affected by the vulnerability described in GLSA-201405-23 (lib3ds: User-assisted execution of arbitrary code)

    An array index error has been discovered in lib3ds.
  Impact :

    A remote attacker could entice a user to open a specially crafted 3DS       file using an application linked against lib3ds, possibly resulting in       execution of arbitrary code with the privileges of the process or a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The version of Google SketchUp installed on the remote host is earlier than 7.1 Maintenance Release 2.  Such versions fail to perform adequate checks when processing data contained in '.SKP' and '.3DS' files, therefore allowing memory to become corrupted.  An attacker can exploit this issue by providing a specially crafted '.SKP' or '.3DS' file to the victim that can execute arbitrary code in the context of the application.

Security update: this update fixes a security vulnerability in lib3ds, see also rhbz #651240

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Tue Sep 14 2010 Ralf Corsepius <corsepiu at     fedoraproject> - 1.3.0-9

    - Address       https://bugzilla.redhat.com/show_bug.cgi?id=633475       (CVE-2010-0280).

    - Adopt Debian patch to add missing decl.

    - Tue May 11 2010 Ralf Corsepius <corsepiu at       fedoraproject> - 1.3.0-8

    - Adopt EPEL spec cleanup.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Bug #633475 - CVE-2010-0280 lib3ds buffer overflow

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
74065	GLSA-201405-23 : lib3ds: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
56980	Google SketchUp < 7.1 M2 Remote Code Execution Vulnerabilities	Nessus	Windows	high
50662	Fedora 13 : mingw32-OpenSceneGraph-2.8.2-3.fc13 (2010-17621)	Nessus	Fedora Local Security Checks	high
49682	Fedora 13 : lib3ds-1.3.0-9.fc13 (2010-14644)	Nessus	Fedora Local Security Checks	high
49681	Fedora 12 : lib3ds-1.3.0-9.fc12 (2010-14632)	Nessus	Fedora Local Security Checks	high
49662	Fedora 14 : lib3ds-1.3.0-9.fc14 (2010-14730)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2010-0280

high

Tenable Plugins

high

high

high

high

high

high