CVE-2013-5365 in Sketchbook Pro
Summary
by MITRE
Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/09/2026
The vulnerability identified as CVE-2013-5365 represents a critical heap-based buffer overflow flaw affecting Autodesk SketchBook for Enterprise versions 2014, Pro, and Express along with Copic Edition prior to specific patch versions. This vulnerability resides within the image processing functionality of the software, specifically when handling RLE-compressed channel data embedded within PSD (Photoshop Document) file formats. The flaw manifests during the parsing of compressed image data streams where insufficient bounds checking allows attackers to manipulate memory allocation patterns leading to potential code execution.
The technical implementation of this vulnerability stems from improper input validation within the RLE decompression routine that processes channel data in PSD files. When the application encounters malformed RLE-compressed data within a PSD file structure, the decompression algorithm fails to properly validate the size parameters of the compressed data blocks. This allows attackers to craft malicious PSD files containing oversized or malformed RLE data sequences that exceed the allocated buffer boundaries during heap allocation. The overflow occurs in the heap memory management system where the application attempts to write data beyond the intended buffer limits, potentially overwriting adjacent memory structures including return addresses and function pointers.
From an operational perspective, this vulnerability creates a significant attack surface for remote code execution scenarios where an attacker can deliver a malicious PSD file through various attack vectors including email attachments, web downloads, or file sharing platforms. The exploitation requires minimal user interaction beyond opening the malicious file within the vulnerable SketchBook application, making it particularly dangerous in enterprise environments where users frequently handle external image files. The attack chain typically involves crafting a specially formatted PSD file with embedded RLE-compressed channel data that triggers the buffer overflow condition when the application attempts to process the file for display or editing purposes.
The vulnerability aligns with CWE-121, Heap-based Buffer Overflow, which specifically addresses buffer overflows occurring in heap memory regions where insufficient bounds checking allows data to overwrite adjacent memory locations. This classification indicates that the flaw exists in memory management practices where heap allocations do not properly validate input data lengths against allocated buffer sizes. Additionally, this vulnerability maps to ATT&CK technique T1203, Exploitation for Client Execution, as it leverages a client-side application vulnerability to achieve remote code execution through crafted file content. The attack requires no privileged access or specialized tools beyond the ability to create malicious PSD files, making it accessible to threat actors with basic file manipulation capabilities.
Organizations should implement immediate mitigations including patching affected Autodesk SketchBook versions to the latest releases containing the fixed RLE decompression routines and memory validation checks. Network-based protections should include implementing file type restrictions for PSD files, particularly when they originate from untrusted sources, and deploying content filtering solutions that can identify and block potentially malicious image files. Additionally, user education programs should emphasize the importance of only opening image files from trusted sources and maintaining current software versions. The recommended remediation strategy involves comprehensive software update deployment across all affected systems followed by security configuration reviews to ensure that file processing restrictions are properly enforced in enterprise environments.