CVE-2015-8221
Google Picasa < 3.9.140 - Remote Code Execution via CAMF Section Integer Overflow
Title source: llmDescription
Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
http://secunia.com/secunia_research/2015-5/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536878/100/0/threaded
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/134315/Google-Picasa-CAMF-Section-Integer-Overflow.html
Scores
EPSS
0.0399
EPSS Percentile
89.3%
Details
CWE
CWE-119
CWE-189
Status
published
Products (1)
google/picasa
< 3.9.140
Published
Nov 17, 2015
Tracked Since
Feb 18, 2026