CVE-2013-5357 - OpenCVE

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Google	Picasa

Configuration 1 [-]

cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/55555	Vendor Advisory
http://secunia.com/secunia_research/2013-14/	Vendor Advisory
http://www.securitytracker.com/id/1029527
https://support.google.com/picasa/answer/53209	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: flexera

Published: 2014-01-09T00:00:00

Updated: 2014-01-08T23:57:01

Reserved: 2013-08-21T00:00:00

Link: CVE-2013-5357

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-01-09T00:55:02.927

Modified: 2014-04-25T13:38:54.730

Link: CVE-2013-5357

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-08T23:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "55555", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55555"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029527"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.google.com/picasa/answer/53209"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-5357", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55555", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55555"}, {"name": "http://secunia.com/secunia_research/2013-14/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029527"}, {"name": "https://support.google.com/picasa/answer/53209", "refsource": "CONFIRM", "url": "https://support.google.com/picasa/answer/53209"}]}}}}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-5357", "datePublished": "2014-01-09T00:00:00", "dateReserved": "2013-08-21T00:00:00", "dateUpdated": "2014-01-08T23:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AD9C0A8-165B-4D92-B3F6-AC89982F7F79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag."}, {"lang": "es", "value": "Desbordamiento de enteros en Picasa3.exe en Google Picasa anterior a 3.9.0 Build 137.69 que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una etiqueta TIFF grande que dispara un desbordamiento de b\u00fafer basado en la pila, como se ha demostrado mediante un archivo Canon RAW CR2 con la etiqueta TIFF StripByteCounts grande."}], "id": "CVE-2013-5357", "lastModified": "2014-04-25T13:38:54.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-09T00:55:02.927", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55555"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id/1029527"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "https://support.google.com/picasa/answer/53209"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}