CVE-2013-5349
Google Picasa (Windows/macOS) versions prior to 3.9.0 Build 137.69 are affected by CVE-2013-5349 due to an integer underflow when parsing Canon RAW CR2 JPEG tags, which can trigger a heap-based buffer overflow and arbitrary code execution. The OpenVAS/Nessus entries confirm multiple related flaws...