Vulnerabilites related to google - sketchup
CVE-2013-3664 (GCVE-0-2013-3664)
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"name": "http://www.binamuse.com/advisories/BINA-20130521A.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3664",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4894 (GCVE-0-2012-4894)
Vulnerability from cvelistv5
Published
2012-10-05 10:00
Modified
2024-08-06 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85570",
"refsource": "OSVDB",
"url": "http://osvdb.org/85570"
},
{
"name": "http://technet.microsoft.com/security/msvr/msvr12-015",
"refsource": "MISC",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs",
"refsource": "MISC",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4894",
"datePublished": "2012-10-05T10:00:00",
"dateReserved": "2012-09-12T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2478 (GCVE-0-2011-2478)
Vulnerability from cvelistv5
Published
2012-04-17 18:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-16T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1",
"refsource": "CONFIRM",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2478",
"datePublished": "2012-04-17T18:00:00",
"dateReserved": "2011-06-14T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7388 (GCVE-0-2013-7388)
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.binamuse.com/advisories/BINA-20130521B.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7388",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2014-07-01T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3663 (GCVE-0-2013-3663)
Vulnerability from cvelistv5
Published
2014-06-13 14:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3663",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3662 (GCVE-0-2013-3662)
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3662",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2536 (GCVE-0-2016-2536)
Vulnerability from cvelistv5
Published
2016-02-22 15:05
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-13T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-175",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-173",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-174",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-176",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2536",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-22T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-10-05 10:51
Modified
2025-04-11 00:51
Severity ?
Summary
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "52B6E7BA-412F-4B60-BDE5-49EA9759E28B",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
},
{
"lang": "es",
"value": "Google SketchUp antes de v8.0.14346 (alias 8 Maintenance 3) permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo SKP modificado."
}
],
"id": "CVE-2012-4894",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-05T10:51:16.020",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/85570"
},
{
"source": "cve@mitre.org",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"source": "cve@mitre.org",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55598"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/85570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "C4860803-6E0F-448B-981C-4A2531F7455C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_3:*:*:*:*:*:*",
"matchCriteriaId": "F2DB039C-B6A2-44C0-84FF-BDDAEDFEF906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_4:*:*:*:*:*:*",
"matchCriteriaId": "739B944B-51C0-460B-B82B-189F04A3BD87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trimble:sketchup:*:maintenance_5:*:*:*:*:*:*",
"matchCriteriaId": "89A70422-04F4-4358-8B2F-860045AFE586",
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
},
{
"lang": "es",
"value": "Trimble SketchUp (anteriormente Google SketchUp) anterior a 2013 (13.0.3689) permite a atacantes remotos inyectar c\u00f3digo arbitrario a trav\u00e9s de una tabla de paleta de color en una textura MAC Pict, lo que provoca una escritura en pila fuera de rango. NOTA: est\u00e1 vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2013-3662. NOTA: este problema fue dividido (SPLIT) debido a diferentes productos y bases de c\u00f3digos afectados (ADT1); CVE-2013-7388 ha sido asignado al problema paintlib."
}
],
"id": "CVE-2013-3664",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-01T17:55:03.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "245EA638-7374-4629-8BCD-EE995B35EA44",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Timbre SketchUp (anteriormente Google SketchUp) anterior a 8 Maintenance 2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una tabla de la paleta de color en una textura MAC Pict, lo que provoca un desbordamiento de buffer basado en pila."
}
],
"id": "CVE-2013-3662",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-01T17:55:03.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "C4860803-6E0F-448B-981C-4A2531F7455C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_3:*:*:*:*:*:*",
"matchCriteriaId": "F2DB039C-B6A2-44C0-84FF-BDDAEDFEF906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_4:*:*:*:*:*:*",
"matchCriteriaId": "739B944B-51C0-460B-B82B-189F04A3BD87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trimble:sketchup:*:maintenance_5:*:*:*:*:*:*",
"matchCriteriaId": "89A70422-04F4-4358-8B2F-860045AFE586",
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en paintlib, utilizado en Trimble SketchUp (anetriormente Google SketchUp) anterior a 2013 (13.0.3689), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mapa de bits RLE4-comprimido (BMP) manipulado. NOTA: este problema fue dividido (SPLIT) de CVE-2013-3664 debido a diferentes productos y bases de c\u00f3digos afectados (ADT1)."
}
],
"id": "CVE-2013-7388",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-01T17:55:03.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-22 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | 3d_visual_enterprise_viewer | * | |
| sketchup | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:3d_visual_enterprise_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B0FABB-1F8A-46D7-9E59-72CA0AB1F522",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB8202A-9FC1-40E6-87E6-7AD986CB5236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidaes de uso despu\u00e9s de liberaci\u00f3n de memoria en SAP 3D Visual Enterprise Viewer permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento SketchUp manipulado. NOTA: el producto principalmente afectado podr\u00eda ser SketchUp."
}
],
"id": "CVE-2016-2536",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-22T15:59:03.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-17 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "693DC09C-9F7D-4F9C-9FDE-3F6D92BF1C94",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Google SketchUp antes de las v8 no controla correctamente la geometr\u00eda de borde en los ficheros SketchUp (.SKP), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo malicioso."
}
],
"id": "CVE-2011-2478",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-17T18:55:00.927",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
},
{
"source": "cve@mitre.org",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-13 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "245EA638-7374-4629-8BCD-EE995B35EA44",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en paintlib, utilizado en Trimble SketchUp (anteriormente Google SketchUp) anterior a 8 Maintenance 3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo BMP comprimido en RLE8 manipulado."
}
],
"id": "CVE-2013-3663",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-13T14:55:12.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}