What is CVE-2013-3664?

CVE-2013-3664 is a vulnerability in Google Sketchup, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-07-01.

Is CVE-2013-3664 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Google Sketchup

CVE-2013-3664

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnera…

Vulnerability class: Buffer Overflow

EPSS: 0.166 (95.1th percentile) — read the EPSS interpretation.

Affected products

Google Sketchup — versions 6.0, 7.0, 7.1
Trimble Sketchup
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities (mailing-list, Exploit, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
sketchup-cve20133664-bo(84723) (vdb-entry, x_refsource_XF)
60248 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)
53635 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2013-3664?: CVE-2013-3664 is a vulnerability in Google Sketchup, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-07-01.
Is CVE-2013-3664 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.