CVE-2015-8096
Google Picasa 3.9.140 Build 239 and Build 248 - Remote Code Execution via Phase One Tag Processing
Title source: llmDescription
Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-based buffer overflow.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2015-3/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536761/100/0/threaded
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/134084/Google-Picasa-Phase-One-Tags-Processing-Integer-Overflow.html
Scores
EPSS
0.0402
EPSS Percentile
89.3%
Details
CWE
CWE-119
CWE-189
Status
published
Products (1)
google/picasa
3.9.140
Published
Nov 09, 2015
Tracked Since
Feb 18, 2026