CVE-2013-5359
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: PSIRT-CNA@flexerasoftware.com — https://support.google.com/picasa/answer/53209
Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://secunia.com/secunia_research/2013-14/
Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://secunia.com/advisories/55555
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| picasa | 3.9.0 | |
References
- http://secunia.com/advisories/55555
- http://secunia.com/secunia_research/2013-14/
- http://www.securitytracker.com/id/1029527
- https://support.google.com/picasa/answer/53209
CWEs
CWE-119