Vulnerability Description
Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-based buffer overflow.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Picasa | 3.9.140 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/134084/Google-Picasa-Phase-One-Tags-Process
- http://secunia.com/secunia_research/2015-3/
- http://www.securityfocus.com/archive/1/536761/100/0/threaded
- http://packetstormsecurity.com/files/134084/Google-Picasa-Phase-One-Tags-Process
- http://secunia.com/secunia_research/2015-3/
- http://www.securityfocus.com/archive/1/536761/100/0/threaded
FAQ
What is CVE-2015-8096?
CVE-2015-8096 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-base...
How severe is CVE-2015-8096?
CVE-2015-8096 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8096?
Check the references section above for vendor advisories and patch information. Affected products include: Google Picasa.