PT-2014-3412 · Trimble · Trimble Sketchup

Published

2014-07-01

Updated

2017-08-29

CVE-2013-7388

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Trimble SketchUp versions prior to 13.0.3689

Description A heap-based buffer overflow issue in paintlib allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP).

Recommendations For versions prior to 13.0.3689, update to version 13.0.3689 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RLE4-compressed bitmaps (BMP) in Trimble SketchUp until the update is applied.

Exploit

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2013-7388

Affected Products

Trimble Sketchup

PT-2014-3412 · Trimble · Trimble Sketchup

CVE-2013-7388

Weakness Enumeration

Related Identifiers

Affected Products

References · 6