Sketchup
CVE-2013-3664
CRITICAL
Severity by source
AV:N/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
AnalysisAI
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.6%.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue. Affected products include: Google Sketchup, Trimble Sketchup. Version information: before 2013.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, a
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689),
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code o
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary c
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), th
Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVS
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVS
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7
Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8)
Same weakness CWE-119 – Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today