CVE-2024-7511

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 22, 2024

Updated: Dec 3, 2024

CWE ID 125

Summary

CVE-2024-7511 is an Information Disclosure vulnerability in Trimble SketchUp Pro's handling of PSD files embedded in SKP files. This issue arises due to inadequate validation of user-supplied data, which allows an attacker to read past the end of an allocated buffer. The vulnerability can be exploited only if the target visits a malicious page or opens a malicious file. While this vulnerability does not directly allow code execution, it can be combined with other vulnerabilities to achieve that goal. ZDI-CAN-23000 first reported this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Trimble Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xgVUsd
https://www.cve.org/CVERecord?id=CVE-2024-7511
https://nvd.nist.gov/vuln/detail/CVE-2024-7511

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Know What Matters

For Customers

For Partners

CVE-2024-7511

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations