CVE-2024-7508
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-7508 is a heap-based buffer overflow vulnerability in Trimble SketchUp Viewer. The flaw occurs during the parsing of SKP files, where user-supplied data is not properly validated before being copied to a fixed-length buffer. A remote attacker can supply malicious data that triggers the overflow, leading to arbitrary code execution on affected installations. Exploitation requires user interaction: the target must visit a malicious webpage or open a malicious file. The Zero Day Initiative tracked this vulnerability as ZDI-CAN-19575.
Affected Products
- Trimble SketchUp Viewer
Affected Vendors
- Trimble Inc.