CVE-2015-8096

Google Picasa 3.9.140 Build 239 and Build 248 - Remote Code Execution via Phase One Tag Processing

Title source: llm
STIX 2.1

Description

Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-based buffer overflow.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2015-3/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536761/100/0/threaded

Scores

EPSS 0.0402
EPSS Percentile 89.3%

Details

CWE
CWE-119 CWE-189
Status published
Products (1)
google/picasa 3.9.140
Published Nov 09, 2015
Tracked Since Feb 18, 2026