27 matches found
CVE-2024-9726
CVE-2024-9726 affects Trimble SketchUp Viewer. The vulnerability arises in the parsing of SKP files, caused by insufficient validation of the length of untrusted data copied into a fixed-size stack buffer, leading to a stack-based buffer overflow and remote code execution. Exploitation requires u...
CVE-2023-50196
Technical details (affected product/version, exploit specifics, and remediation) are not public in the provided documents. Monitor for updates from official advisories for CVE-2023-50196.
CVE-2023-50188
CVE-2023-50188 affects Trimble SketchUp Viewer. The issue is in SKP file parsing due to uninitialized memory access, enabling remote code execution when a user opens a malicious SKP/file or visits a crafted page. Exploitation requires user interaction; the attacker would run code in the target’s ...
CVE-2023-50195
CVE-2023-50195 concerns Trimble SketchUp Viewer, where the SKP file parsing is vulnerable to an out-of-bounds read that can enable remote code execution. The issue stems from improper validation of user-supplied data, potentially reading past the end of an allocated buffer. Exploitation requires ...
CVE-2024-9719
CVE-2024-9719 affects Trimble SketchUp Viewer via SKP file parsing. The flaw is a use-after-free in the SKP parser caused by not validating object existence before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a...
CVE-2024-9721
The CVE-2024-9721 entry concerns Trimble SketchUp Viewer. Affected component: SKP file parsing in the viewer. Root cause: lack of validating the existence of an object before performing operations, leading to a use-after-free condition. Impact: remote code execution in the context of the current ...
CVE-2024-9724
This CVE affects Trimble SketchUp Viewer: SKP file parsing is vulnerable to a use-after-free that can lead to remote code execution. The flaw arises from not validating the existence of an object before performing operations on it, enabling code execution in the current process. Exploitation requ...
CVE-2023-50194
This CVE (CVE-2023-50194) affects Trimble SketchUp Viewer. The vulnerability stems from parsing SKP files, where insufficient validation can cause a read past the end of an allocated object in the parser, enabling remote code execution. It requires user interaction (the target must open a malicio...
CVE-2023-50189
CVE-2023-50189 concerns Trimble SketchUp Viewer. The vulnerability arises in SKP file parsing where the code fails to validate the existence of an object before operating on it, resulting in a use-after-free that can lead to remote code execution. Exploitation requires user interaction (target us...
CVE-2024-7508
CVE-2024-7508 : In Trimble SketchUp Viewer, SKP file parsing is vulnerable to a heap-based buffer overflow due to unsafe validation of the length of user-supplied data before copying to a fixed-size heap buffer. This allows arbitrary code execution in the context of the current process and requir...
CVE-2024-9725
CVE-2024-9725 : Trimble SketchUp Viewer is affected by a Use-After-Free vulnerability in SKP file parsing caused by not validating object existence before operations. This can lead to remote code execution and requires user interaction (visiting a malicious page or opening a malicious file). Publ...
CVE-2023-50187
CVE-2023-50187 : Trimble SketchUp Viewer is affected by a memory corruption vulnerability in the SKP file parser. The flaw arises from insufficient validation of user-supplied SKP data, enabling remote code execution in the context of the target process. Exploitation requires user interaction (ta...
CVE-2023-50190
CVE-2023-50190 affects Trimble SketchUp Viewer with an out-of-bounds write in SKP file parsing that can lead to remote code execution. The root cause is insufficient validation of user-supplied SKP data, allowing a write past the end of an allocated buffer. Exploitation requires user interaction ...
CVE-2024-9716
CVE-2024-9716 affects Trimble SketchUp Viewer via a Use-After-Free in SKP file parsing. The flaw arises from not validating an object’s existence before performing operations, allowing an attacker to execute code in the affected process. Exploitation requires user interaction (visiting a maliciou...
CVE-2024-9727
CVE-2024-9727 describes a remote code execution flaw in Trimble SketchUp Viewer related to SKP file parsing. The root cause is the lack of validating the existence of an object before performing operations on it, enabling a crafted SKP file to execute code in the current process. The vulnerabilit...
CVE-2023-50191
CVE-2023-50191 affects Trimble SketchUp Viewer via a vulnerability in SKP file parsing, described as a use-after-free that allows remote code execution. The flaw arises from not validating the existence of an object before performing operations, enabling an attacker to run code in the target proc...
CVE-2024-9714
This CVE concerns Trimble SketchUp Viewer. The SKP file parsing flaw allows Use-After-Free that enables Remote Code Execution. Impact is high (CVE mentions code execution in the current process; vector is LOCAL with user interaction required). The root cause is failure to validate object existenc...
CVE-2023-50192
CVE-2023-50192 affects Trimble SketchUp Viewer. The vulnerability is a Use-After-Free in SKP file parsing that allows remote code execution. It requires user interaction (target must visit a malicious page or open a malicious file). The issue arises from not validating object existence before ope...
CVE-2024-9717
CVE-2024-9717 affects Trimble SketchUp Viewer through the SKP file parser, where an uninitialized memory access allows remote code execution. The vulnerability enables an attacker to execute arbitrary code in the context of the target process when a user opens a malicious SKP file or visits a cra...
CVE-2024-9722
CVE-2024-9722 affects Trimble SketchUp Viewer through the SKP file parsing path, where a use-after-free flaw occurs due to failure to validate the existence of an object before operating on it. This leads to arbitrary code execution in the context of the current process. Exploitation requires use...
CVE-2023-50193
The CVE-2023-50193 entry concerns Trimble SketchUp Viewer: SKP file parsing leads to a use-after-free that enables remote code execution. The flaw arises from not validating the existence of an object before operating on it, allowing an attacker to run code in the process context. Exploitation re...
CVE-2024-9715
CVE-2024-9715 involves Trimble SketchUp Viewer SKP file parsing where a Use-After-Free arises from not validating an object’s existence before performing operations, enabling remote code execution after user interaction (visiting a malicious page or opening a malicious file). Multiple trusted sou...
CVE-2024-9718
CVE-2024-9718 – Trimble SketchUp Viewer is affected through the SKP file parser, where lack of validation can cause an out-of-bounds read and enable remote code execution in the attacker’s context. The exploit requires user interaction (visiting a malicious page or opening a malicious file). This...
CVE-2024-9720
CVE-2024-9720 affects Trimble SketchUp Viewer. It is a vulnerability in SKP file parsing where insufficient validation can cause a read past the end of an allocated buffer, leading to remote code execution. The flaw occurs during parsing of SKP files and can be exploited by users who open a malic...
CVE-2024-9723
CVE-2024-9723 describes a Use-After-Free in Trimble SketchUp Viewer related to SKP file parsing. The flaw arises from not validating the existence of an object before operating on it, enabling remote code execution when a user opens a malicious SKP or visits a malicious page. The vulnerability re...
CVE-2024-9728
Summary: CVE-2024-9728 is a use-after-free remote code execution vulnerability in Trimble SketchUp Viewer caused by parsing SKP files without validating object existence. The flaw can allow code execution in the target process and requires user interaction (visiting a malicious page or opening a ...
CVE-2013-6038
CVE-2013-6038 : A stack-based buffer overflow in SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code by opening a specially crafted .SKP file. The issue is triggered during parsing of the .SKP, enabling potentially remote code execution without user interaction. The CVSS m...