HIGH🇬🇧 English

CVE-2013-5349

CVSS 7.5v2.0pub. 2014-01-09upd. 2026-04-29

Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Google Picasa

    APP
    Google
    3.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2015-8221HIGH10.0ten sam produkt

Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code v...

CVE-2015-8096HIGH10.0ten sam produkt

Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary...

CVE-2013-5357HIGH7.5ten sam produkt

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute ...

CVE-2013-5358HIGH7.5ten sam produkt

Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption vi...

CVE-2013-5359HIGH7.5ten sam produkt

Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attac...