CVE-2013-7388

2014-07-0117:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-7388

trimble

sketchup

buffer overflow

code execution

paintlib

rle4

bitmap

nvd

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.284 Low

EPSS

Percentile

96.8%

JSON

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).

CPENameOperatorVersion
google:sketchupgoogle sketchupeq7.1
google:sketchupgoogle sketchupeq8.0
google:sketchupgoogle sketchupeq7.0
google:sketchupgoogle sketchupeq6.0
trimble:sketchuptrimble sketchuple8.0

CPE	Name	Operator	Version
google:sketchup	google sketchup	eq	7.1
google:sketchup	google sketchup	eq	8.0
google:sketchup	google sketchup	eq	7.0
google:sketchup	google sketchup	eq	6.0
trimble:sketchup	trimble sketchup	le	8.0