CVE-2013-5357

Google Picasa - Remote Code Execution via Long TIFF Tag Heap Overflow

Title source: llm
STIX 2.1

Description

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag.

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55555
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2013-14/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029527
Vendor Advisory x_refsource_confirm
https://support.google.com/picasa/answer/53209

Scores

EPSS 0.0230
EPSS Percentile 81.3%

Details

CWE
CWE-119
Status published
Products (1)
google/picasa 3.9.0
Published Jan 09, 2014
Tracked Since Feb 18, 2026