CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01	Vendor Advisory
http://www.securityfocus.com/bid/95803

Configurations

Configuration 1 (hide)

cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-25 19:59

Updated : 2023-12-10 12:01

NVD link : CVE-2016-9305

Mitre link : CVE-2016-9305

CVE.ORG link : CVE-2016-9305

JSON object : View

Products Affected

autodesk

fbx_software_development_kit

CWE

CWE-19

Data Processing Errors

{"id": "CVE-2016-9305", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-01-25T19:59:00.250", "references": [{"url": "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95803", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-19"}]}], "descriptions": [{"lang": "en", "value": "Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers."}, {"lang": "es", "value": "Manipulaci\u00f3n incorrecta en el SDK de Autodesk FBX en versiones anteriores a 2017.1 de desajustes de tipo y objetos eliminados anteriormente relacionados con la lectura y conversi\u00f3n de archivos de formato FBX mal formados pueden permitir a atacantes obtener acceso a punteros no inicializados."}], "lastModified": "2017-01-28T02:59:00.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2", "versionEndIncluding": "2017.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}