Autodesk SketchBook Pro < 6.2.5 / SketchBook Copic Edition < 2.0.2 Heap Buffer Overflow

High Nessus Plugin ID 77371


The remote host has a graphics editing application installed that is affected by a heap-based buffer overflow vulnerability.


The version of Autodesk SketchBook installed on the remote Mac OS X host is Pro prior to 6.2.5 or Copic Edition prior to 2.0.2. It is, therefore, affected by a heap-based buffer overflow vulnerability. The flaw exists when decompressing RLE-compressed channel data in PSD files, since user-supplied input is not correctly validated. Using a specially crafted PSD file, an attacker could cause a denial of service or execute arbitrary code.


Upgrade to SketchBook Pro 6.2.5 / Copic Edition 2.0.2 or later.

See Also

Plugin Details

Severity: High

ID: 77371

File Name: macosx_autodesk_sketchbook_pro_CVE-2013-5365.nasl

Version: $Revision: 1.1 $

Type: local

Agent: macosx

Published: 2014/08/25

Modified: 2014/08/25

Dependencies: 77368

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:autodesk:sketchbook, cpe:/a:autodesk:sketchbook_pro, cpe:/a:autodesk:sketchbook_copic

Required KB Items: Host/MacOSX/Version, installed_sw/Autodesk SketchBook

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/03/31

Vulnerability Publication Date: 2014/04/01

Reference Information

CVE: CVE-2013-5365

BID: 66563

OSVDB: 105241