Lucene search
K
TrimbleSketchup

11 matches found

CVE
CVE
added 2014/07/01 5:0 p.m.163 views

CVE-2013-3664

CVE-2013-3664 affects Trimble SketchUp (formerly Google SketchUp) before version 13.0.3689. It permits remote code execution via a crafted color palette table in a MAC Pict texture, causing an out-of-bounds stack write. This CVE exists due to an incomplete fix for CVE-2013-3662 and was split from...

9.3CVSS7.6AI score0.29778EPSS
CVE
CVE
added 2024/11/22 8:50 p.m.107 views

CVE-2024-9712

Summary: CVE-2024-9712 affects Trimble SketchUp via the SKP file parsing path, leading to a use-after-free that enables remote code execution. Affected component: SketchUp SKP parser (parsing of SKP files). Root cause (as stated): The vulnerability arises from not validating the existence of an o...

7.8CVSS8AI score0.00374EPSS
CVE
CVE
added 2024/11/22 8:51 p.m.67 views

CVE-2024-9713

CVE-2024-9713: Trimble SketchUp Pro SKP file parsing use-after-free vulnerability that allows arbitrary code execution. The flaw stems from not validating the existence of an object prior to performing operations during SKP parsing, enabling an attacker to execute code in the current process. Exp...

7.8CVSS8AI score0.00374EPSS
CVE
CVE
added 2024/11/22 8:52 p.m.64 views

CVE-2024-9731

CVE-2024-9731 affects Trimble SketchUp Viewer. The issue is a memory corruption vulnerability in SKP file parsing caused by insufficient validation of user-supplied data, enabling remote code execution in the context of the affected process. Exploitation requires user interaction (target visits a...

7.8CVSS8.1AI score0.0029EPSS
CVE
CVE
added 2024/11/22 9:31 p.m.63 views

CVE-2024-7509

CVE-2024-7509 concerns Trimble SketchUp SKP file parsing that results in a stack-based buffer overflow, enabling Remote Code Execution . The flaw arises from insufficient validation of the length of user-supplied data before copying to a stack buffer. Exploitation requires user interaction (targe...

7.8CVSS8AI score0.00417EPSS
CVE
CVE
added 2014/07/01 5:0 p.m.61 views

CVE-2013-7388

The CVE-2013-7388 entry describes a heap-based buffer overflow in the paintlib component used by Trimble SketchUp prior to version 13.0.3689, exploitable via a crafted RLE4 BMP. This affects SketchUp’s use of paintlib; the issue is described as a heap overflow enabling remote code execution. The ...

9.3CVSS8AI score0.13248EPSS
CVE
CVE
added 2025/03/07 7:37 p.m.57 views

CVE-2025-2024

CVE-2025-2024 affects Trimble SketchUp via its SKP file parser. The flaw is an uninitialized memory access in SKP file parsing, allowing an attacker to execute code in the process context. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The vulnerab...

7.8CVSS7.8AI score0.00431EPSS
CVE
CVE
added 2024/11/22 8:52 p.m.56 views

CVE-2024-9730

Summary (concrete details from sources): CVE-2024-9730 affects Trimble SketchUp Viewer via a memory corruption flaw in SKP file parsing. The issue allows remote code execution with user interaction required (target must visit a malicious page or open a malicious file); exploitation is tied to imp...

7.8CVSS8.1AI score0.00271EPSS
CVE
CVE
added 2024/11/22 8:52 p.m.52 views

CVE-2024-9729

CVE-2024-9729 – Trimble SketchUp Viewer SKP File Parsing Use-After-Free : The vulnerability stems from parsing SKP files in SketchUp Viewer, where the code fails to validate an object's existence before operations, enabling a use-after-free that can lead to arbitrary code execution. Exploitation ...

7.8CVSS8AI score0.00302EPSS
CVE
CVE
added 2024/11/22 9:32 p.m.50 views

CVE-2024-7510

CVE-2024-7510 pertains to Trimble SketchUp SKP file parsing and a Use-After-Free condition that enables remote code execution. The flaw arises from not validating the existence of an object before performing operations during SKP file parsing, allowing code execution in the attacker’s context. Ex...

7.8CVSS8AI score0.00472EPSS
CVE
CVE
added 2024/11/22 9:32 p.m.48 views

CVE-2024-7511

CVE-2024-7511 affects Trimble SketchUp Pro SKP files. The issue is an out-of-bounds read during PSD data parsing embedded in SKP files, caused by inadequate validation of user-supplied data. This can allow information disclosure and, per the sources, could be leveraged with other vulnerabilities ...

5.5CVSS3.3AI score0.00398EPSS