CVE-2013-5357 - OpenCVE

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Picasa

Configuration 1 [-]

cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/55555
http://secunia.com/secunia_research/2013-14/
http://www.securitytracker.com/id/1029527
https://support.google.com/picasa/answer/53209

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2014-01-09T00:00:00

Updated: 2024-08-06T17:06:52.334Z

Reserved: 2013-08-21T00:00:00

Link: CVE-2013-5357

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-01-09T00:55:02.927

Modified: 2014-04-25T13:38:54.730

Link: CVE-2013-5357

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-08T23:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "55555", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55555"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029527"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.google.com/picasa/answer/53209"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-5357", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55555", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55555"}, {"name": "http://secunia.com/secunia_research/2013-14/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029527"}, {"name": "https://support.google.com/picasa/answer/53209", "refsource": "CONFIRM", "url": "https://support.google.com/picasa/answer/53209"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:06:52.334Z"}, "title": "CVE Program Container", "references": [{"name": "55555", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55555"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029527"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.google.com/picasa/answer/53209"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-5357", "datePublished": "2014-01-09T00:00:00", "dateReserved": "2013-08-21T00:00:00", "dateUpdated": "2024-08-06T17:06:52.334Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AD9C0A8-165B-4D92-B3F6-AC89982F7F79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag."}, {"lang": "es", "value": "Desbordamiento de enteros en Picasa3.exe en Google Picasa anterior a 3.9.0 Build 137.69 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una etiqueta TIFF grande que dispara un desbordamiento de b\u00fafer basado en la pila, como se ha demostrado mediante un archivo Canon RAW CR2 con la etiqueta TIFF StripByteCounts grande."}], "id": "CVE-2013-5357", "lastModified": "2014-04-25T13:38:54.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-09T00:55:02.927", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55555"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id/1029527"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "https://support.google.com/picasa/answer/53209"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}