Vulnerability Description
Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | Sketchbook | <= 6.2.4 |
| Autodesk | Sketchbook Express | <= 6.2.4 |
| Autodesk | Sketchbook For Enterprise 2014 | <= 6.2.4 |
| Autodesk | Sketchbook Pro | <= 6.2.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/55000Vendor Advisory
- http://secunia.com/secunia_research/2014-5Vendor Advisory
- http://www.sketchbook.com/news/important-security-update-for-sketchbook.htmlPatchVendor Advisory
- http://secunia.com/advisories/55000Vendor Advisory
- http://secunia.com/secunia_research/2014-5Vendor Advisory
- http://www.sketchbook.com/news/important-security-update-for-sketchbook.htmlPatchVendor Advisory
FAQ
What is CVE-2013-5365?
CVE-2013-5365 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed...
How severe is CVE-2013-5365?
CVE-2013-5365 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5365?
Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Sketchbook, Autodesk Sketchbook Express, Autodesk Sketchbook For Enterprise 2014, Autodesk Sketchbook Pro.