Google Picasa RAW Image Parsing Multiple Vulnerabilities

Last Update Date: 23 Dec 2013 12:26
Release Date: 23 Dec 2013

RISK: Medium Risk

TYPE: Clients - Graphics & Design

Multiple vulnerabilities have been identified in Google Picasa, which can be exploited by malicious people to compromise a user's system.

  1. An integer underflow error within the Picasa3.exe module when parsing JPEG tags can be exploited to cause a heap-based buffer overflow via e.g. a Canon RAW CR2 file containing a JPEG tag with a value greater than 0xFF00 and a size smaller than 2.
  2. An integer overflow error within the Picasa3.exe module when parsing TIFF tags can be exploited to cause a heap-based buffer overflow via e.g. a Canon RAW CR2 file containing a TIFF StripByteCounts tag with an overly large value.
  3. A boundary error within the Picasa3.exe module when parsing TIFF tags can be exploited to cause memory corruption via e.g. a specially crafted KDC file with the model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A tags.
  4. An error within the Picasa3.exe module when parsing RAW files can be exploited to cause a stack-based buffer overflow via e.g. a specially crafted KDC file with a size of exactly 71 bytes.
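
The length validation that guards against the bug classes in items 1 and 2, as an added example in C. This is not Picasa's code: the function names are hypothetical, the sample values are constructed, and the idea that strip sizes are summed in 32-bit arithmetic is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helpers for illustration; not taken from Picasa. */

/* A JPEG segment length field counts its own 2 bytes, so the payload is
 * seg_len - 2. With seg_len < 2 an unsigned subtraction wraps to a huge
 * value (item 1). `remaining` = input bytes left, starting at the length. */
int jpeg_payload_len(uint16_t marker, uint16_t seg_len, size_t remaining,
                     size_t *payload_len)
{
    if (marker <= 0xFF00)             /* only tag values above 0xFF00 */
        return -1;
    if (seg_len < 2)                  /* reject before subtracting */
        return -1;
    if ((size_t)seg_len > remaining)  /* segment must fit in the input */
        return -1;
    *payload_len = (size_t)seg_len - 2;
    return 0;
}

/* TIFF StripByteCounts: add the per-strip sizes without letting the total
 * wrap, and never accept more bytes than the file holds (item 2).
 * Invariant: sum <= file_size, so file_size - sum cannot underflow. */
int strip_total_bytes(const uint32_t *counts, size_t n, uint32_t file_size,
                      uint32_t *total)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        if (counts[i] > file_size - sum)  /* too large, or would wrap */
            return -1;
        sum += counts[i];
    }
    *total = sum;
    return 0;
}

int main(void)
{
    size_t p = 0;
    uint32_t t = 0;
    uint32_t huge[] = { 0xFFFFFFF0u, 0x20u };  /* constructed sample */
    int undersized = jpeg_payload_len(0xFFE1, 1, 100, &p);  /* rejected */
    int oversized = strip_total_bytes(huge, 2, 4096, &t);   /* rejected */
    return (undersized == -1 && oversized == -1) ? 0 : 1;
}
```
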

Impact

  • Remote Code Execution

System / Technologies affected

  • Google Picasa 3.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 3.9.0 Build 137.69 or later.

Vulnerability Identifier


Source


Related Link