Use-After-Free Vulnerability in Trimble SketchUp Viewer SKP File Parsing
CVE-2024-9719

7.8HIGH

Key Information:

Vendor: Trimble
Status: Sketchup Viewer
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-9719?

This vulnerability arises from a flaw in the parsing mechanism of SKP files within the Trimble SketchUp Viewer. The vulnerability allows attackers to execute arbitrary code in the context of the running process. This occurs due to insufficient validation of object existence before operations are conducted, leading to potential exploitation when a user interacts with a compromised page or file. Users must ensure that they only open files from trusted sources to mitigate this security risk.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1379/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024