CVE-2023-40238

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address duri...

Integer overflow

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address duri...

CVE-2013-3663

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp formerly Google SketchUp before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP...

CVE-2013-3663

SketchUp before 8 Maintenance 3 is affected by CVE-2013-3663 (BMP RLE8 Heap Overflow) due to a heap overflow in the BMP RLE8 decoding path borrowed from paintlib. The vulnerability allows remote code execution by parsing a crafted BMP texture embedded in a SKP file; the issue is fixed in 8M3 (and...

CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow

If you are still using a not so old version of SketchUp8M3 you should upgrade it... Title: SketchUp BMP RLE8 Heap Overflow Product: Google SketchUp Advisory ID: BINA-20120523 CVE ID: CVE-2013-3663 Class: Boundary Error Condition Buffer Overflow Vulnerability class: Client side/ file format...

Multiple vulnerabilities on sketchup

SketchUp is a 3D modeling program marketed by Trimble Navigation Limitedpreviously Google and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professions. SketchUp fails to validate the input when parsing different types of embedded...