CVE-2013-5365

2014-04-0216:05:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-5365

buffer overflow

autodesk sketchbook

enterprise

pro

express

copic edition

psd file

rle compression

remote code execution

8.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.058 Low

EPSS

Percentile

93.4%

JSON

Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.

CPENameOperatorVersion
autodesk:sketchbook_for_enterprise_2014autodesk sketchbook for enterprise 2014le6.2.4
autodesk:sketchbook_proautodesk sketchbook prole6.2.4
autodesk:sketchbook_expressautodesk sketchbook expressle6.2.4
autodesk:sketchbookautodesk sketchbookle6.2.4

CPE	Name	Operator	Version
autodesk:sketchbook_for_enterprise_2014	autodesk sketchbook for enterprise 2014	le	6.2.4
autodesk:sketchbook_pro	autodesk sketchbook pro	le	6.2.4
autodesk:sketchbook_express	autodesk sketchbook express	le	6.2.4
autodesk:sketchbook	autodesk sketchbook	le	6.2.4