CVE-2015-8221

Google Picasa < 3.9.140 - Remote Code Execution via CAMF Section Integer Overflow

Title source: llm
STIX 2.1

Description

Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2015-5/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536878/100/0/threaded

Scores

EPSS 0.0399
EPSS Percentile 89.3%

Details

CWE
CWE-119 CWE-189
Status published
Products (1)
google/picasa < 3.9.140
Published Nov 17, 2015
Tracked Since Feb 18, 2026