This page lists publicly disclosed CVE vulnerabilities affecting google picasa (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-8221 | Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow. | [email protected] | 10.0 | 3.99% | 2015-11-17 | 2026-05-06 |
| CVE-2015-8096 | Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-based buffer overflow. | [email protected] | 10.0 | 4.02% | 2015-11-09 | 2026-05-06 |
| CVE-2013-5359 | Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size. | [email protected] | 7.5 | 2.30% | 2014-01-09 | 2026-04-29 |
| CVE-2013-5358 | Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags. | [email protected] | 7.5 | 1.27% | 2014-01-09 | 2026-04-29 |
| CVE-2013-5357 | Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag. | [email protected] | 7.5 | 2.30% | 2014-01-09 | 2026-04-29 |
| CVE-2013-5349 | Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size. | [email protected] | 7.5 | 2.30% | 2014-01-09 | 2026-04-29 |
| CVE-2011-2747 | Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file. | [email protected] | 9.3 | 4.29% | 2011-07-28 | 2026-04-29 |
| CVE-2011-0458 | Untrusted search path vulnerability in the Locate on Disk feature in Google Picasa before 3.8 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | [email protected] | 6.9 | 0.32% | 2011-03-28 | 2026-04-29 |
| CVE-2007-4847 | Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | [email protected] | 5.0 | 0.53% | 2007-09-12 | 2026-04-23 |
| CVE-2007-4824 | Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | [email protected] | 6.8 | 0.44% | 2007-09-11 | 2026-04-23 |
| CVE-2007-4823 | Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | [email protected] | 7.5 | 0.47% | 2007-09-11 | 2026-04-23 |