Picasa Security Vulnerabilities and Issues — Picasa CVE List

Lucene search

GooglePicasa

11 matches found

CVE•added 2015/11/17 3:59 p.m.•932 views

CVE-2015-8221

Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow.

10CVSS8.2AI score0.24929EPSS

CVE•added 2015/11/09 4:59 p.m.•570 views

CVE-2015-8096

Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-based buffer overflow.

10CVSS8.2AI score0.10251EPSS

CVE•added 2014/01/09 12:55 a.m.•120 views

CVE-2013-5357

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag.

7.5CVSS8AI score0.02556EPSS

CVE•added 2011/07/28 6:55 p.m.•57 views

CVE-2011-2747

Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.

9.3CVSS7.6AI score0.04229EPSS

CVE•added 2007/09/11 7:17 p.m.•49 views

CVE-2007-4823

Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.

7.5CVSS6.7AI score0.0012EPSS

CVE•added 2011/03/28 4:55 p.m.•49 views

CVE-2011-0458

Untrusted search path vulnerability in the Locate on Disk feature in Google Picasa before 3.8 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

6.9CVSS6.3AI score0.00034EPSS

CVE•added 2014/01/09 12:55 a.m.•48 views

CVE-2013-5359

Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size.

7.5CVSS8.1AI score0.02556EPSS

CVE•added 2014/01/09 12:55 a.m.•47 views

CVE-2013-5349

Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size.

7.5CVSS7.8AI score0.02556EPSS

CVE•added 2014/01/09 12:55 a.m.•46 views

CVE-2013-5358

Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags.

7.5CVSS6.8AI score0.00712EPSS

CVE•added 2007/09/11 7:17 p.m.•42 views

CVE-2007-4824

Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.

6.8CVSS6.4AI score0.00113EPSS

CVE•added 2007/09/12 8:17 p.m.•39 views

CVE-2007-4847

Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.

5CVSS6.1AI score0.00163EPSS