CVE-2013-3664: Buffer Overflow
First published: Tue Jul 01 2014(Updated: )
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trimble SketchUp Pro | =6.0-maintenance_6 | |
| Trimble SketchUp Pro | =7.0-maintenance_1 | |
| Trimble SketchUp Pro | =7.1 | |
| Trimble SketchUp Pro | =7.1-maintenance_1 | |
| Trimble SketchUp Pro | =7.1-maintenance_2 | |
| Trimble SketchUp Pro | =8.0 | |
| Trimble SketchUp Pro | =8.0-maintenance_1 | |
| Trimble SketchUp Pro | =8.0-maintenance_2 | |
| Trimble SketchUp Pro | =8.0-maintenance_3 | |
| Trimble SketchUp Pro | =8.0-maintenance_4 | |
| Trimble SketchUp Pro | <=8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html
- http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html
- http://secunia.com/advisories/53635
- http://www.binamuse.com/advisories/BINA-20130521A.txt
- http://www.securityfocus.com/bid/60248
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84723
Frequently Asked Questions
What is the severity of CVE-2013-3664?
CVE-2013-3664 is classified as a medium severity vulnerability allowing remote code execution.
How do I fix CVE-2013-3664?
To fix CVE-2013-3664, update Trimble SketchUp to version 13.0.3689 or later.
What types of attacks does CVE-2013-3664 allow?
CVE-2013-3664 allows remote attackers to execute arbitrary code through a crafted color palette table.
Which software versions are affected by CVE-2013-3664?
CVE-2013-3664 affects Trimble SketchUp versions prior to 13.0.3689, including multiple versions from 6.0 to 8.0.
What causes the vulnerability in CVE-2013-3664?
CVE-2013-3664 is caused by an incomplete fix for a previous vulnerability, CVE-2013-3662, leading to an out-of-bounds stack write.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/trimble sketchup pro
- version/trimble sketchup pro/6.0-maintenance_6
- version/trimble sketchup pro/7.0-maintenance_1
- version/trimble sketchup pro/7.1
- version/trimble sketchup pro/7.1-maintenance_1
- version/trimble sketchup pro/7.1-maintenance_2
- version/trimble sketchup pro/8.0
- version/trimble sketchup pro/8.0-maintenance_1
- version/trimble sketchup pro/8.0-maintenance_2
- version/trimble sketchup pro/8.0-maintenance_3
- version/trimble sketchup pro/8.0-maintenance_4
- vendor/trimble