PROBLEM:
Two vulnerabilities have been discovered in Google Picasa
PLATFORM:
Google Picasa Version 3.9.0 build 136.09 for Windows/3.9.14.34 for Mac
ABSTRACT:
Two vulnerabilities have been discovered in Google Picasa, which can be exploited by malicious people to compromise a user's system.
REFERENCE LINKS:
Secunia Advisory SA51652
Picasa Release Notes
IMPACT ASSESSMENT:
High
DISCUSSION:
1) A sign extension error when processing the color table of a BMP image can be exploited to cause a heap-based buffer overflow via a BMP image with a specially crafted "biBitCount" field.
2) The application bundles a vulnerable version of LibTIFF.
IMPACT:
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
The vendor recommends updating to latest build