CVE-2011-2747

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

3.3%

top 12.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Picasa

Timeline

PublishedJul 28

Latest updateMay 17

Description

Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDgoogle/picasa3.6_build_105.65+9

🔴Vulnerability Details

GHSA

GHSA-h67c-8mc7-vvqr: Google Picasa before 3↗2022-05-17

▶

CVEList

CVE-2011-2747: Google Picasa before 3↗2011-07-28

▶