Heap-based Buffer Overflow in Autodesk SketchBook Pro by Remote Attackers
CVE-2014-3938

Currently unrated

Key Information:

Vendor: Autodesk
Status: Sketchbook Pro
Vendor: CVE Published:; 23 July 2014

Summary

The vulnerability in Autodesk SketchBook Pro prior to version 6.2.6 involves an integer overflow issue that allows remote attackers to execute arbitrary code. This is achieved via specially crafted layer mask data contained in a PSD file, leading to a heap-based buffer overflow. Exploitation of this vulnerability can potentially enable unauthorized control over the affected system, raising serious security concerns for users.

References

http://secunia.com/secunia_research/2014-6/

x_refsource_MISC

http://secunia.com/advisories/58000

third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 23, 2014
Vulnerability Reserved
Jun 2, 2014