This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mac OS X host contains a photo organization application that
is affected by multiple vulnerabilities.
The installed version of Google Picasa is earlier than 3.9 Build
220.127.116.11. As such, it is affected by the following vulnerabilities:
- A buffer underflow vulnerability exists in the
'LZWDecodeCompat' function in the LibTIFF library. An
attacker could exploit this issue through the use of a
specially crafted TIFF image, potentially causing a
denial of service. (CVE-2009-2285)
- A sign-extension flaw is triggered when the
'biBitCount' field is not properly validated during
processing of the BMP color table. An attacker could
exploit this issue through a specially crafted BMP image,
potentially causing a heap-based buffer overflow
resulting in a denial of service or arbitrary code
See also :
Upgrade to Google Picasa 3.9 Build 18.104.22.168 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true