Description
Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55555
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2013-14/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029527
Vendor Advisory x_refsource_confirm
https://support.google.com/picasa/answer/53209
Scores
EPSS
0.0127
EPSS Percentile
66.4%
Details
CWE
CWE-119
Status
published
Products (1)
google/picasa
3.9.0
Published
Jan 09, 2014
Tracked Since
Feb 18, 2026