CVE-2024-9719: 
Trimble SketchUp Viewer vulnerability analysis and mitigation

Trimble SketchUp Viewer contains a use-after-free vulnerability in the SKP file parsing functionality. The vulnerability, tracked as CVE-2024-9719, was discovered and reported on May 1st, 2024, with public disclosure on October 11th, 2024. This vulnerability affects Trimble SketchUp Viewer installations prior to version 2024.0.2 (ZDI Advisory).

The vulnerability exists within the parsing of SKP files and stems from the lack of proper validation of object existence before performing operations on the object. The issue has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code in the context of the current process on affected installations of Trimble SketchUp Viewer. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability (ZDI Advisory).

The vulnerability has been fixed in SketchUp Viewer version 2024.0.2. Users are advised to upgrade to this version or later to mitigate the risk (ZDI Advisory).