Integer Overflow in Google Picasa Affects Image Processing
CVE-2015-8221

Currently unrated

Key Information:

Vendor: Google
Status: Picasa
Vendor: CVE Published:; 17 November 2015

Summary

An integer overflow vulnerability exists in Google Picasa prior to version 3.9.140 Build 259, which can be exploited by remote attackers. This flaw occurs in the processing of CAMF sections within FOVb images and can lead to a heap-based buffer overflow. Successful exploitation may allow attackers to execute arbitrary code on affected systems, potentially compromising user data and system integrity.

References

http://secunia.com/secunia_research/2015-5/

x_refsource_MISC

http://www.securityfocus.com/archive/1/536878/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/134315/Google-Picasa...

x_refsource_MISC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 17, 2015
Vulnerability Reserved
Nov 17, 2015