Two vulnerabilities have been discovered in Google Picasa
Google Picasa Version 3.9.0 build 136.09 for Windows/18.104.22.168 for Mac
Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system.
1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field.
2) The application bundles a vulnerable version of LibTIFF.
Successful exploitation may allow execution of arbitrary code.
The vendor recommends updating to latest build