Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-7388

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).

Published

2014-07-01T17:55:03.997

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application google sketchup 6.0 Yes
Application google sketchup 7.0 Yes
Application google sketchup 7.1 Yes
Application google sketchup 7.1 Yes
Application google sketchup 7.1 Yes
Application google sketchup 8.0 Yes
Application google sketchup 8.0 Yes
Application google sketchup 8.0 Yes
Application google sketchup 8.0 Yes
Application google sketchup 8.0 Yes
Application trimble sketchup ≤ 8.0 Yes
References