CVE-2013-5349

Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/55555	Vendor Advisory
http://secunia.com/secunia_research/2013-14/	Vendor Advisory
http://www.securitytracker.com/id/1029527
https://support.google.com/picasa/answer/53209	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-01-09 00:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-5349

Mitre link : CVE-2013-5349

CVE.ORG link : CVE-2013-5349

JSON object : View

Products Affected

google

picasa

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2013-5349", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-09T00:55:02.880", "references": [{"url": "http://secunia.com/advisories/55555", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2013-14/", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securitytracker.com/id/1029527", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://support.google.com/picasa/answer/53209", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size."}, {"lang": "es", "value": "Underflow de Entero en Picasa3.exe de Google Picasa anteriores a 3.9.0 Build 137.69 permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de una etiqueta JPEG manipulada que produce un desbordamiento de buffer basado en memoria din\u00e1mica, como fue demostrado utilizando un archivo Cano RAW CR2 con un valor de etiqueta JPEG demasiado grande y un tama\u00f1o peque\u00f1o."}], "lastModified": "2014-04-25T13:38:37.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD9C0A8-165B-4D92-B3F6-AC89982F7F79"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}