Heap-based Buffer Overflow in Autodesk SketchBook for Enterprise and Pro
CVE-2013-5365

Currently unrated

Key Information:

Vendor: Autodesk
Status: Sketchbook For Enterprise 2014; Sketchbook Pro; Sketchbook Express; Sketchbook
Vendor: CVE Published:; 2 April 2014

Summary

A heap-based buffer overflow vulnerability exists in Autodesk SketchBook for Enterprise, Pro, and Express versions prior to 6.25, and Copic Edition before 2.0.2. This security flaw allows remote attackers to exploit RLE-compressed channel data in a PSD file, potentially leading to the execution of arbitrary code. Users are advised to upgrade to the latest versions to mitigate the risks associated with this vulnerability.

References

http://www.sketchbook.com/news/important-security-update-...

x_refsource_CONFIRM

http://secunia.com/advisories/55000

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/secunia_research/2014-5

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 2, 2014
Vulnerability Reserved
Aug 21, 2013