Buffer overflow in Google Sketchup

CVE-2012-4894

Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.

Vulnerability class: Buffer Overflow

EPSS: 0.068 (91.5th percentile) — read the EPSS interpretation.

Affected products

Google Sketchup — versions 6.0, 7.0, 7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

85570 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_MISC)
google-sketchup-skp-code-execution(78676) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
55598 (vdb-entry, x_refsource_BID)