Heap-Based Buffer Overflow in Trimble SketchUp by Trimble
CVE-2013-7388

Currently unrated

Key Information:

Vendor: Google
Status: Sketchup
Vendor: CVE Published:; 1 July 2014

Summary

A heap-based buffer overflow vulnerability exists in the paintlib component of Trimble SketchUp, which could allow remote attackers to execute arbitrary code. This occurs through the use of specifically crafted RLE4-compressed bitmap (BMP) files, posing significant security risks for users running affected versions of the software. Successful exploitation of this flaw can lead to unauthorized actions within the affected system, compromising user data and system integrity.

References

http://www.binamuse.com/advisories/BINA-20130521B.txt

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/84723

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/60248

vdb-entryx_refsource_BID

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 1, 2014
Vulnerability Reserved
Jul 1, 2014