Buffer overflow in Google Sketchup

CVE-2013-3662

Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.

Vulnerability class: Buffer Overflow

EPSS: 0.159 (94.9th percentile) — read the EPSS interpretation.

Affected products

Google Sketchup — versions 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

sketchup-cve20133662-code-exec(84720) (vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, x_refsource_MISC)
20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption (mailing-list, Exploit, x_refsource_BUGTRAQ)