CVE-2013-7388

CWE-119Buffer Overflow3 documents3 sources
Severity
9.3CRITICAL
EPSS
9.2%
top 7.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trimble SketchupGoogle Sketchup
Timeline
PublishedJul 1
Latest updateMay 17

Description

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDgoogle/sketchup4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-g9gh-84qj-827r: Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (132022-05-17
CVEList
CVE-2013-7388: Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (132014-07-01
CVE-2013-7388 (CRITICAL CVSS 9.3) | Heap-based buffer overflow in paint | cvebase.io