Use-After-Free Vulnerability in Trimble SketchUp SKP File Parsing
CVE-2024-7510

7.8 HIGH

Key Information:

Vendor: Trimble

Status
Vendor
CVE Published: 22 November 2024

What is CVE-2024-7510?

The security flaw in Trimble SketchUp arises from improper handling during the parsing of SKP files, leading to a use-after-free condition. This vulnerability allows remote attackers to execute arbitrary code by tricking users into visiting malicious webpages or opening compromised SKP files. The vulnerability stems from a failure to validate the existence of objects prior to conducting operations on them, potentially letting attackers execute unintended commands within the context of the affected application.

Affected Version(s)

SketchUp 22.0.354.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

CVSS V3.0

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
