Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Lib3ds | Jan_eric_krprianidis | 1.0 (including) | 1.0 (including) |
| Lib3ds | Ubuntu | dapper | * |
| Lib3ds | Ubuntu | hardy | * |
| Lib3ds | Ubuntu | intrepid | * |
| Lib3ds | Ubuntu | jaunty | * |
| Lib3ds | Ubuntu | karmic | * |
| Lib3ds | Ubuntu | lucid | * |
| Lib3ds | Ubuntu | maverick | * |
| Lib3ds | Ubuntu | natty | * |
| Lib3ds | Ubuntu | oneiric | * |
| Lib3ds | Ubuntu | precise | * |
| Lib3ds | Ubuntu | quantal | * |
| Lib3ds | Ubuntu | raring | * |
| Lib3ds | Ubuntu | saucy | * |
| Lib3ds | Ubuntu | upstream | * |
| Lib3ds | Ubuntu | utopic | * |
| Lib3ds | Ubuntu | vivid | * |
| Lib3ds | Ubuntu | wily | * |
| Lib3ds | Ubuntu | yakkety | * |
References
- http://secunia.com/advisories/38185
- http://secunia.com/advisories/38187
- http://sketchup.google.com/support/bin/answer.py?hl=en\u0026answer=141303
- http://www.coresecurity.com/content/google-sketchup-vulnerability
- http://www.securityfocus.com/archive/1/508913/100/0/threaded
- http://www.securityfocus.com/bid/37708
- http://www.vupen.com/english/advisories/2010/0133
- http://secunia.com/advisories/38185
- http://secunia.com/advisories/38187
- http://sketchup.google.com/support/bin/answer.py?hl=en\u0026answer=141303
- http://www.coresecurity.com/content/google-sketchup-vulnerability
- http://www.securityfocus.com/archive/1/508913/100/0/threaded
- http://www.securityfocus.com/bid/37708
- http://www.vupen.com/english/advisories/2010/0133