CVE-2013-5349 - Vulnerability Details - OpenCVE

Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Picasa

Configuration 1 [-]

cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/55555
http://secunia.com/secunia_research/2013-14/
http://www.securitytracker.com/id/1029527
https://support.google.com/picasa/answer/53209

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2014-01-09T00:00:00.000Z

Updated: 2024-08-06T17:06:52.319Z

Reserved: 2013-08-21T00:00:00.000Z

Link: CVE-2013-5349

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-01-09T00:55:02.880

Modified: 2026-04-29T01:13:23.040

Link: CVE-2013-5349

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-08T23:57:01.000Z", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "55555", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55555"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029527"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.google.com/picasa/answer/53209"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-5349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55555", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55555"}, {"name": "http://secunia.com/secunia_research/2013-14/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029527"}, {"name": "https://support.google.com/picasa/answer/53209", "refsource": "CONFIRM", "url": "https://support.google.com/picasa/answer/53209"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:06:52.319Z"}, "title": "CVE Program Container", "references": [{"name": "55555", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55555"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"name": "1029527", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029527"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.google.com/picasa/answer/53209"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-5349", "datePublished": "2014-01-09T00:00:00.000Z", "dateReserved": "2013-08-21T00:00:00.000Z", "dateUpdated": "2024-08-06T17:06:52.319Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:picasa:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6AD9C0A8-165B-4D92-B3F6-AC89982F7F79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size."}, {"lang": "es", "value": "Underflow de Entero en Picasa3.exe de Google Picasa anteriores a 3.9.0 Build 137.69 permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de una etiqueta JPEG manipulada que produce un desbordamiento de buffer basado en memoria din\u00e1mica, como fue demostrado utilizando un archivo Cano RAW CR2 con un valor de etiqueta JPEG demasiado grande y un tama\u00f1o peque\u00f1o."}], "id": "CVE-2013-5349", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-09T00:55:02.880", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55555"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id/1029527"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "https://support.google.com/picasa/answer/53209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2013-14/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.google.com/picasa/answer/53209"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}