CVE-2014-3938

CWE-1893 documents3 sources

Severity

9.3CRITICAL

EPSS

10.5%

top 6.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Sketchbook PRO

Timeline

PublishedJul 23

Latest updateMay 17

Description

Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDautodesk/sketchbook_pro6.2.5+1

🔴Vulnerability Details

GHSA

GHSA-qwrv-f2ww-jv4r: Integer overflow in Autodesk SketchBook Pro before 6↗2022-05-17

▶

CVEList

CVE-2014-3938: Integer overflow in Autodesk SketchBook Pro before 6↗2014-07-23

▶