CVE-2013-3664: Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette tabl...

Description

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.

Metrics

EPSS Probability

29.78%

98.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Google	Sketchup	6.0	Maintenance 6
Google	Sketchup	7.0	Maintenance 1
Google	Sketchup	7.1	—
Google	Sketchup	8.0	—
Trimble	Sketchup	<= 8.0	Maintenance 5

References

Timeline

Published: Jul 1, 2014
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-3664?

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.

How severe is CVE-2013-3664?

Severity scoring for CVE-2013-3664 is pending analysis. The EPSS model estimates a 29.78% probability of exploitation in the next 30 days.

How do I fix CVE-2013-3664?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.