Buffer overflow in Google Sketchup

CVE-2013-3663

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.

Vulnerability class: Buffer Overflow

EPSS: 0.159 (94.9th percentile) — read the EPSS interpretation.

Affected products

Google Sketchup — versions 6.0, 7.0, 7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow (mailing-list, Exploit, x_refsource_BUGTRAQ)
sketchup-cve20133663-bo(84721) (vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, x_refsource_MISC)