Integer Overflow Vulnerability in Google Picasa Software
CVE-2015-8096

Currently unrated

Key Information:

Vendor: Google
Status: Picasa
Vendor: CVE Published:; 9 November 2015

Summary

An integer overflow vulnerability exists in Google Picasa versions 3.9.140 Build 239 and Build 248. This flaw allows remote attackers to execute arbitrary code by manipulating the application through unspecified vectors pertaining to 'phase one 0x412 tag'. When exploited, this vulnerability can lead to a heap-based buffer overflow, which could compromise the software's functionality and potentially allow attackers to take control of the affected system.

References

http://secunia.com/secunia_research/2015-3/

x_refsource_MISC

http://www.securityfocus.com/archive/1/536761/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/134084/Google-Picasa...

x_refsource_MISC

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 9, 2015
Vulnerability Reserved
Nov 9, 2015