Code Execution Vulnerability in Google Picasa Software
CVE-2011-2747

Currently unrated

Key Information:

Vendor: Google
Status: Picasa
Vendor: CVE Published:; 28 July 2011

Summary

Google Picasa versions prior to 3.6 Build 105.67 are susceptible to a significant vulnerability that arises from improper handling of invalid properties within JPEG image files. This oversight can enable remote attackers to execute arbitrary code through the delivery of specially crafted image files. Users of Picasa should ensure they are running the latest version to mitigate potential risks associated with this vulnerability.

References

http://osvdb.org/73980

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/68735

vdb-entryx_refsource_XF

http://secunia.com/advisories/45293

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 28, 2011
Vulnerability Reserved
Jul 14, 2011