How to Buy
This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mac OS X host contains a photo organization application that
is affected by multiple vulnerabilities.
The installed version of Google Picasa is earlier than 3.9 Build
18.104.22.168. As such, it is affected by the following vulnerabilities:
- A buffer underflow vulnerability exists in the
'LZWDecodeCompat' function in the LibTIFF library. An
attacker could exploit this issue through the use of a
specially crafted TIFF image, potentially causing a
denial of service. (CVE-2009-2285)
- A sign-extension flaw exists that is triggered by the
'biBitCount' field that is not properly validated when
processing the BMP color table. An attacker could
exploit this issue though a specially crafted BMP image,
potentially causing a heap-based buffer overflow
resulting in a denial of service or arbitrary code
See also :
Upgrade to Google Picasa 3.9 Build 22.214.171.124 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 65926 ()
Bugtraq ID: 3545158613
CVE ID: CVE-2009-2285
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.