VYPR

Sketchup

by Trimble

CVEs (12)

  • CVE-2026-9264CriMay 22, 2026
    risk 0.60cvss 9.3epss 0.00

    A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window,…

  • CVE-2025-15062HigJan 23, 2026
    risk 0.51cvss 7.8epss 0.00

    Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target…

  • CVE-2025-60749HigOct 31, 2025
    risk 0.51cvss 7.8epss 0.00

    DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.

  • CVE-2013-3663Jun 13, 2014
    risk 0.03cvss epss 0.32

    Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.

  • CVE-2013-3664Jul 1, 2014
    risk 0.02cvss epss 0.30

    Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2013-7388Jul 1, 2014
    risk 0.01cvss epss 0.13

    Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different…

  • CVE-2025-2024Mar 7, 2025
    risk 0.00cvss epss 0.00

    Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that…

  • CVE-2024-7511Nov 22, 2024
    risk 0.00cvss epss 0.00

    Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this…

  • CVE-2024-7510Nov 22, 2024
    risk 0.00cvss epss 0.00

    Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target…

  • CVE-2024-7509Nov 22, 2024
    risk 0.00cvss epss 0.00

    Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in…

  • CVE-2024-9713Nov 22, 2024
    risk 0.00cvss epss 0.00

    Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that…

  • CVE-2024-9712Nov 22, 2024
    risk 0.00cvss epss 0.00

    Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target…