CVE-2010-0280

Description

Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.

How to fix CVE-2010-0280

To remediate CVE-2010-0280, upgrade the affected package to a fixed version below.

• Debian/lib3ds—upgrade to 1.3.0-5 or later
• Debian/openscenegraph—upgrade to 2.8.0-1 or later

Is CVE-2010-0280 being exploited?

Moderate — EPSS is 6.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 1.3.0-5
• from 0, < 2.8.0-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-0280