CVE-2024-7508

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 122
CWE ID 787

Summary

CVE-2024-7508 is a heap-based buffer overflow vulnerability in Trimble SketchUp Viewer. The flaw is in the parsing of SKP files: user-supplied data is not properly validated before it is copied to a fixed-length buffer. A remote attacker who supplies malicious data can trigger the overflow and execute arbitrary code on affected installations. Exploitation requires user interaction, such as visiting a malicious webpage or opening a malicious file. The Zero Day Initiative identified this vulnerability as ZDI-CAN-19575.

Affected Products

  • Trimble SketchUp Viewer

Affected Vendors

  • Trimble Inc.