Описание
Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| lib3ds | fixed | 1.3.0-5 | package | |
| lib3ds | no-dsa | lenny | package | |
| lib3ds | no-dsa | etch | package | |
| openscenegraph | fixed | 2.8.0-1 | package | |
| openscenegraph | fixed | 2.4.0-1.1+lenny1 | lenny | package |
Примечания
openscenegraph embeds acopy of lib3ds
http://www.coresecurity.com/content/google-sketchup-vulnerability
issue was published saying it affects google sketchup,
but the vulnerable code is in lib3ds
http://code.google.com/p/lib3ds/issues/detail?id=9
Связанные уязвимости
Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.
Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.