Buffer overflow in Google Sketchup

CVE-2013-7388

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPL…

Vulnerability class: Buffer Overflow

EPSS: 0.080 (92.2th percentile) — read the EPSS interpretation.

Affected products

Google Sketchup — versions 6.0, 7.0, 7.1
Trimble Sketchup
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (Exploit, x_refsource_MISC)
sketchup-cve20133664-bo(84723) (vdb-entry, x_refsource_XF)
60248 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)
53635 (x_refsource_SECUNIA, third-party-advisory)