Vulnerabilites related to google - sketchup
Vulnerability from fkie_nvd
Published
2016-02-22 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | 3d_visual_enterprise_viewer | * | |
| sketchup | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:3d_visual_enterprise_viewer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B0FABB-1F8A-46D7-9E59-72CA0AB1F522",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB8202A-9FC1-40E6-87E6-7AD986CB5236",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidaes de uso despu\u00e9s de liberaci\u00f3n de memoria en SAP 3D Visual Enterprise Viewer permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento SketchUp manipulado. NOTA: el producto principalmente afectado podr\u00eda ser SketchUp."
}
],
"id": "CVE-2016-2536",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-22T15:59:03.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "245EA638-7374-4629-8BCD-EE995B35EA44",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Timbre SketchUp (anteriormente Google SketchUp) anterior a 8 Maintenance 2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una tabla de la paleta de color en una textura MAC Pict, lo que provoca un desbordamiento de buffer basado en pila."
}
],
"id": "CVE-2013-3662",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-01T17:55:03.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-13 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "245EA638-7374-4629-8BCD-EE995B35EA44",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en paintlib, utilizado en Trimble SketchUp (anteriormente Google SketchUp) anterior a 8 Maintenance 3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo BMP comprimido en RLE8 manipulado."
}
],
"id": "CVE-2013-3663",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-13T14:55:12.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "C4860803-6E0F-448B-981C-4A2531F7455C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_3:*:*:*:*:*:*",
"matchCriteriaId": "F2DB039C-B6A2-44C0-84FF-BDDAEDFEF906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_4:*:*:*:*:*:*",
"matchCriteriaId": "739B944B-51C0-460B-B82B-189F04A3BD87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trimble:sketchup:*:maintenance_5:*:*:*:*:*:*",
"matchCriteriaId": "89A70422-04F4-4358-8B2F-860045AFE586",
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en paintlib, utilizado en Trimble SketchUp (anetriormente Google SketchUp) anterior a 2013 (13.0.3689), permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mapa de bits RLE4-comprimido (BMP) manipulado. NOTA: este problema fue dividido (SPLIT) de CVE-2013-3664 debido a diferentes productos y bases de c\u00f3digos afectados (ADT1)."
}
],
"id": "CVE-2013-7388",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-01T17:55:03.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-01 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "C4860803-6E0F-448B-981C-4A2531F7455C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_3:*:*:*:*:*:*",
"matchCriteriaId": "F2DB039C-B6A2-44C0-84FF-BDDAEDFEF906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_4:*:*:*:*:*:*",
"matchCriteriaId": "739B944B-51C0-460B-B82B-189F04A3BD87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trimble:sketchup:*:maintenance_5:*:*:*:*:*:*",
"matchCriteriaId": "89A70422-04F4-4358-8B2F-860045AFE586",
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
},
{
"lang": "es",
"value": "Trimble SketchUp (anteriormente Google SketchUp) anterior a 2013 (13.0.3689) permite a atacantes remotos inyectar c\u00f3digo arbitrario a trav\u00e9s de una tabla de paleta de color en una textura MAC Pict, lo que provoca una escritura en pila fuera de rango. NOTA: est\u00e1 vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2013-3662. NOTA: este problema fue dividido (SPLIT) debido a diferentes productos y bases de c\u00f3digos afectados (ADT1); CVE-2013-7388 ha sido asignado al problema paintlib."
}
],
"id": "CVE-2013-3664",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-01T17:55:03.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-17 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "693DC09C-9F7D-4F9C-9FDE-3F6D92BF1C94",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Google SketchUp antes de las v8 no controla correctamente la geometr\u00eda de borde en los ficheros SketchUp (.SKP), lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo malicioso."
}
],
"id": "CVE-2011-2478",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-17T18:55:00.927",
"references": [
{
"source": "cve@mitre.org",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
},
{
"source": "cve@mitre.org",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-05 10:51
Modified
2025-04-11 00:51
Severity ?
Summary
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:sketchup:*:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "52B6E7BA-412F-4B60-BDE5-49EA9759E28B",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:6.0:maintenance_6:*:*:*:*:*:*",
"matchCriteriaId": "1D0ECBF9-81D6-46E5-B562-2B211759120C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "B418AD1B-67D0-48A1-BADF-6DF7375F28CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23ECF522-3F9A-4514-AC7E-95C81068E4F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1D6AE8EF-BE0E-404C-B134-CD36B6A63828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:7.1:maintenance_2:*:*:*:*:*:*",
"matchCriteriaId": "A0DFA736-4D8B-453C-8652-0104985CB9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7465758-9BF5-4529-91A4-F442C4D1CC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:sketchup:8.0:maintenance_1:*:*:*:*:*:*",
"matchCriteriaId": "1EBE1ED0-CC18-45AE-8761-3E0B304A18C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
},
{
"lang": "es",
"value": "Google SketchUp antes de v8.0.14346 (alias 8 Maintenance 3) permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo SKP modificado."
}
],
"id": "CVE-2012-4894",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-05T10:51:16.020",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/85570"
},
{
"source": "cve@mitre.org",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"source": "cve@mitre.org",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55598"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/85570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-7388 (GCVE-0-2013-7388)
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.binamuse.com/advisories/BINA-20130521B.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84723 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/60248 | vdb-entry, x_refsource_BID | |
| http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html | x_refsource_MISC | |
| http://secunia.com/advisories/53635 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.binamuse.com/advisories/BINA-20130521B.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521B.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7388",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2014-07-01T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3664 (GCVE-0-2013-3664)
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.binamuse.com/advisories/BINA-20130521A.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84723 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/60248 | vdb-entry, x_refsource_BID | |
| http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html | x_refsource_MISC | |
| http://secunia.com/advisories/53635 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53635"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53635"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"name": "http://www.binamuse.com/advisories/BINA-20130521A.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3664",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3662 (GCVE-0-2013-3662)
Vulnerability from cvelistv5
Published
2014-07-01 17:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84720 | vdb-entry, x_refsource_XF | |
| http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sketchup-cve20133662-code-exec(84720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84720"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "20130531 CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3662",
"datePublished": "2014-07-01T17:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4894 (GCVE-0-2012-4894)
Vulnerability from cvelistv5
Published
2012-10-05 10:00
Modified
2024-08-06 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/85570 | vdb-entry, x_refsource_OSVDB | |
| http://technet.microsoft.com/security/msvr/msvr12-015 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78676 | vdb-entry, x_refsource_XF | |
| http://support.google.com/sketchup/bin/static.py?page=release_notes.cs | x_refsource_MISC | |
| http://www.securityfocus.com/bid/55598 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "85570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85570"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SKP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85570",
"refsource": "OSVDB",
"url": "http://osvdb.org/85570"
},
{
"name": "http://technet.microsoft.com/security/msvr/msvr12-015",
"refsource": "MISC",
"url": "http://technet.microsoft.com/security/msvr/msvr12-015"
},
{
"name": "google-sketchup-skp-code-execution(78676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78676"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs",
"refsource": "MISC",
"url": "http://support.google.com/sketchup/bin/static.py?page=release_notes.cs"
},
{
"name": "55598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4894",
"datePublished": "2012-10-05T10:00:00",
"dateReserved": "2012-09-12T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2478 (GCVE-0-2011-2478)
Vulnerability from cvelistv5
Published
2012-04-17 18:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://technet.microsoft.com/en-us/security/msvr/msvr11-006 | x_refsource_MISC | |
| http://support.google.com/sketchup/bin/static.py?hl=en&page=release_notes.cs&rd=1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-16T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-006"
},
{
"name": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1",
"refsource": "CONFIRM",
"url": "http://support.google.com/sketchup/bin/static.py?hl=en\u0026page=release_notes.cs\u0026rd=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2478",
"datePublished": "2012-04-17T18:00:00",
"dateReserved": "2011-06-14T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2536 (GCVE-0-2016-2536)
Vulnerability from cvelistv5
Published
2016-02-22 15:05
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-175 | x_refsource_MISC | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-173 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/83307 | vdb-entry, x_refsource_BID | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-174 | x_refsource_MISC | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-176 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-13T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-175",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-175"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-173",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-173"
},
{
"name": "83307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83307"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-174",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-174"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-176",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2536",
"datePublished": "2016-02-22T15:05:00",
"dateReserved": "2016-02-22T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3663 (GCVE-0-2013-3663)
Vulnerability from cvelistv5
Published
2014-06-13 14:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84721 | vdb-entry, x_refsource_XF | |
| http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0007.html"
},
{
"name": "sketchup-cve20133663-bo(84721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84721"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3663",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2013-05-24T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201602-0173
Vulnerability from variot
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. In addition, this case SketchUp May be a vulnerability.Skillfully crafted by a third party SketchUp Arbitrary code may be executed through the documentation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SketchUp documents. With a specially crafted SketchUp document, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "3d visual enterprise viewer",
"scope": null,
"trust": 4.8,
"vendor": "sap",
"version": null
},
{
"_id": null,
"model": "3d visual enterprise viewer",
"scope": "eq",
"trust": 1.2,
"vendor": "sap",
"version": "*"
},
{
"_id": null,
"model": "sketchup",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "*"
},
{
"_id": null,
"model": "sketchup",
"scope": null,
"trust": 0.8,
"vendor": "trimble",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:3d_visual_enterprise_viewer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trimble:sketchup",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
}
]
},
"credits": {
"_id": null,
"data": "Steven Seeley of Source Incite",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
}
],
"trust": 2.8
},
"cve": "CVE-2016-2536",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-2536",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 4.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01480",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-2536",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2016-2536",
"trust": 2.8,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2536",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-2536",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-01480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-396",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"description": {
"_id": null,
"data": "Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. In addition, this case SketchUp May be a vulnerability.Skillfully crafted by a third party SketchUp Arbitrary code may be executed through the documentation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SketchUp documents. With a specially crafted SketchUp document, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2536"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
}
],
"trust": 4.86
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-2536",
"trust": 5.2
},
{
"db": "ZDI",
"id": "ZDI-16-176",
"trust": 3.7
},
{
"db": "ZDI",
"id": "ZDI-16-173",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-16-174",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-16-175",
"trust": 3.1
},
{
"db": "BID",
"id": "83307",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-01480",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2974",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2976",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2975",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2979",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396",
"trust": 0.6
},
{
"db": "IVD",
"id": "D4504B9C-1E42-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"id": "VAR-201602-0173",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
}
]
},
"last_update_date": "2024-11-23T22:34:51.068000Z",
"patch": {
"_id": null,
"data": [
{
"title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.06/30/2015 - Disclosed vulnerability reports to vendor09/28/2015 - The vendor let ZDI know that they would need an extension09/29/2015 - ZDI agreed to an extension02/09/2016 - ZDI notified the vendor that these would move to 0-day02/09/2016 - The vendor replied that: \"This issue is related to SketchUp having this vulnerability. SketchUp has refused to provide a patch. Is it still possible to ask for an \u0027exceptional\u0027 extension for us to manage a work-around?\"02/10/2016 - ZDI responded \"No further extension can be granted.\"-- Mitigation:Given the stated purpose of SAP 3D Virtual Enterprise Viewer, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.-- Vendor Response:On 2/26/2016 SAP notified ZDI of the following available updates:2281195 \u003c - Potential remote termination of running processes in SAP Visual Enterprise Author, Generator and ViewerAn attacker can remotely exploit SAP Visual Enterprise Author, Generator and Viewer version 8.0, which may lead to application termination.Customers are advised to apply Note 2281195 \u003c immediately. We would like to remind our customers to secure SAP systems by installing all available security patches. You can find security notes and patches in the SAP Support Portal here \u003chttps://support.sap.com/securitynotes\u003e .",
"trust": 2.8,
"url": "https://service.sap.com/sap/support/notes/2281195\u003e"
},
{
"title": "SAP 3D Visual Enterprise Viewer",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/display/SVE/SAP+3D+Visual+Enterprise+Viewer"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 5.6,
"url": "https://service.sap.com/sap/support/notes/2281195\u003e"
},
{
"trust": 2.8,
"url": "https://support.sap.com/securitynotes\u003e"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-173"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-174"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-175"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-176"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/83307"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2536"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2536"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-176/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
},
{
"db": "CNVD",
"id": "CNVD-2016-01480"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
},
{
"db": "NVD",
"id": "CVE-2016-2536"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-173",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-174",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-176",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-16-175",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2016-01480",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201602-396",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-2536",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "IVD",
"id": "d4504b9c-1e42-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-173",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-174",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-176",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-175",
"ident": null
},
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01480",
"ident": null
},
{
"date": "2016-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"ident": null
},
{
"date": "2016-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-396",
"ident": null
},
{
"date": "2016-02-22T15:59:03.097000",
"db": "NVD",
"id": "CVE-2016-2536",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-173",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-174",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-176",
"ident": null
},
{
"date": "2016-02-18T00:00:00",
"db": "ZDI",
"id": "ZDI-16-175",
"ident": null
},
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01480",
"ident": null
},
{
"date": "2016-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001539",
"ident": null
},
{
"date": "2016-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-396",
"ident": null
},
{
"date": "2024-11-21T02:48:38.777000",
"db": "NVD",
"id": "CVE-2016-2536",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "(0Day) SAP 3D Visual Enterprise Viewer SketchUp document Use-After-Free Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-173"
},
{
"db": "ZDI",
"id": "ZDI-16-174"
},
{
"db": "ZDI",
"id": "ZDI-16-176"
},
{
"db": "ZDI",
"id": "ZDI-16-175"
}
],
"trust": 2.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-396"
}
],
"trust": 0.6
}
}