You are here

V-116: Google Picasa BMP and TIFF Images Processing Vulnerabilities

March 21, 2013 - 6:00am

Addthis

PROBLEM:

Two vulnerabilities have been discovered in Google Picasa

PLATFORM:

Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac

ABSTRACT:

Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA51652
Picasa Release Notes

IMPACT ASSESSMENT:

High

DISCUSSION:

1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field.

2) The application bundles a vulnerable version of LibTIFF.

IMPACT:

Successful exploitation may allow execution of arbitrary code.

SOLUTION:

The vendor recommends updating to latest build

Addthis