Skip to main content

Sketchup

16 CVEs product

Monthly

CVE-2026-9264 PATCH Awaiting Data

A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to execute arbitrary system commands and read local files without user interaction by exploiting an embedded Internet Explorer 11 browser.

XSS RCE Information Disclosure LFI Sketchup
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-2024 HIGH This Week

Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Sketchup
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2024-7511 MEDIUM This Month

Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Sketchup
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-7510 HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Sketchup
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-7509 HIGH This Week

Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Sketchup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9731 HIGH This Week

Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sketchup
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-9730 HIGH This Week

Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sketchup
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-9729 HIGH This Week

Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Sketchup
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-9713 HIGH This Week

Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Sketchup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9712 HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Sketchup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-2536 HIGH This Week

Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP 3D Visual Enterprise Viewer Sketchup
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2013-7388 CRITICAL POC Act Now

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
8.0%
CVE-2013-3664 CRITICAL POC THREAT Emergency

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.6%.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
16.6%
CVE-2013-3662 CRITICAL POC THREAT Emergency

Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.9%.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
15.9%
CVE-2013-3663 CRITICAL POC THREAT Emergency

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.9%.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
15.9%
CVE-2012-4894 CRITICAL Act Now

Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Google RCE Sketchup
NVD
CVSS 2.0
9.3
EPSS
6.8%
EPSS 0% CVSS 9.3
PATCH Awaiting Data

A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to execute arbitrary system commands and read local files without user interaction by exploiting an embedded Internet Explorer 11 browser.

XSS RCE Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Sketchup
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sketchup
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sketchup
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP 3D Visual Enterprise Viewer +1
NVD
EPSS 8% CVSS 9.3
CRITICAL POC Act Now

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Google Buffer Overflow +1
NVD
EPSS 17% CVSS 9.3
CRITICAL POC THREAT Emergency

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.6%.

RCE Google Buffer Overflow +1
NVD
EPSS 16% CVSS 9.3
CRITICAL POC THREAT Emergency

Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.9%.

RCE Google Buffer Overflow +1
NVD
EPSS 16% CVSS 9.3
CRITICAL POC THREAT Emergency

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.9%.

RCE Google Buffer Overflow +1
NVD
EPSS 7% CVSS 9.3
CRITICAL Act Now

Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Google +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy