CVE-2011-2747

Published Jul 28, 2011

Last updated 7 years ago

CVSS info 9.3

Overview

Description: Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:picasa:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E78EA789-A000-4709-9DB0-EACCD9F80360",
            "versionEndIncluding": "3.6_build_105.65"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8010B77E-05EA-4507-A553-767745CD6151"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.5_build_79.67:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EB6C044-E022-46E9-9817-31C27A5C8713"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.5_build_79.69:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B3026AF-D4F1-4AA2-84B0-917187D79366"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.5_build_79.74:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72B8D610-9956-42BD-8DAE-163C6A344B15"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.5_build_79.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8017BC15-F748-404B-B2E7-0257EDAC2BA6"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.5_build_95.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A689F420-7FA4-4DF3-A260-6A6614890B7D"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.6_build_95.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24873EF3-61FA-4F92-A373-22D4E7C178C9"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.6_build_105.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E6D84A1-0057-4F47-87F0-8DCA324FDF16"
          },
          {
            "criteria": "cpe:2.3:a:google:picasa:3.6_build_105.61:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34BFDFB6-9AF1-4F39-B61E-B6638FB8E0DE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References