PT-2014-2918 · Autodesk+1 · Autodesk Sketchbook Copic Edition+4

Published

2014-04-02

Updated

2014-04-05

CVE-2013-5365

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Autodesk SketchBook for Enterprise versions prior to 6.25 Autodesk SketchBook Pro versions prior to 6.25 Autodesk SketchBook Express versions prior to 6.25 Autodesk SketchBook Copic Edition versions prior to 2.0.2

Description The issue allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file. This is due to a heap-based buffer overflow.

Recommendations For Autodesk SketchBook for Enterprise versions prior to 6.25, update to version 6.25 or later. For Autodesk SketchBook Pro versions prior to 6.25, update to version 6.25 or later. For Autodesk SketchBook Express versions prior to 6.25, update to version 6.25 or later. For Autodesk SketchBook Copic Edition versions prior to 2.0.2, update to version 2.0.2 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2013-5365

Affected Products

Autodesk Sketchbook Copic Edition

Autodesk Sketchbook Express

Autodesk Sketchbook Pro

Autodesk Sketchbook For Enterprise

Psd

PT-2014-2918 · Autodesk+1 · Autodesk Sketchbook Copic Edition+4

CVE-2013-5365

Weakness Enumeration

Related Identifiers

Affected Products

References · 4