Google Picasa < 3.9 Build 3.9.14.34 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a photo organization application that
is affected by multiple vulnerabilities.

Description :

The installed version of Google Picasa is earlier than 3.9 Build
3.9.14.34. As such, it is affected by the following vulnerabilities:

- A buffer underflow vulnerability exists in the
'LZWDecodeCompat' function in the LibTIFF library. An
attacker could exploit this issue through the use of a
specially crafted TIFF image, potentially causing a
denial of service. (CVE-2009-2285)

- A sign-extension flaw exists because the 'biBitCount'
field is not properly validated when processing the BMP
color table. An attacker could exploit this issue
through a specially crafted BMP image, potentially
causing a heap-based buffer overflow resulting in a
denial of service or arbitrary code execution.
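
The class of flaw in the second item, shown as an added example (not code from Picasa or from the plugin): a 16-bit 'biBitCount' widened through a signed type turns negative, while an unsigned read plus a check against the legal BMP depths rejects the header before any color table is sized. All function names are hypothetical, the sample header is constructed, and the vendor's actual parsing code is not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HDR_SIZE = 40, OFF_BITCOUNT = 14, OFF_CLRUSED = 32 }; /* BITMAPINFOHEADER */

/* Flawed pattern: the 16-bit field is widened through a signed type. */
static int bitcount_signed(const uint8_t *h)
{
    return (int16_t)(uint16_t)(h[OFF_BITCOUNT] | (h[OFF_BITCOUNT + 1] << 8));
}

/* Hardened read: assemble the little-endian WORD as an unsigned value. */
static unsigned bitcount_unsigned(const uint8_t *h)
{
    return (unsigned)h[OFF_BITCOUNT] | ((unsigned)h[OFF_BITCOUNT + 1] << 8);
}

/* Number of 4-byte color-table entries to read, or -1 to reject the file. */
long bmp_palette_entries(const uint8_t *h, size_t len)
{
    if (h == NULL || len < HDR_SIZE) return -1;
    unsigned bpp = bitcount_unsigned(h);
    if (bpp == 16 || bpp == 24 || bpp == 32) return 0; /* optional palettes ignored here */
    if (bpp != 1 && bpp != 4 && bpp != 8) return -1;   /* not a legal depth */
    uint32_t max = 1u << bpp;                          /* at most 256 */
    uint32_t used = (uint32_t)h[OFF_CLRUSED] | ((uint32_t)h[OFF_CLRUSED + 1] << 8) |
                    ((uint32_t)h[OFF_CLRUSED + 2] << 16) | ((uint32_t)h[OFF_CLRUSED + 3] << 24);
    if (used == 0) return (long)max;                   /* 0 means "full table" */
    return used <= max ? (long)used : -1;
}

/* Constructed sample header (not from a real file): only the fields used above are set. */
void make_header(uint8_t h[HDR_SIZE], uint16_t bpp, uint32_t clr_used)
{
    memset(h, 0, HDR_SIZE);
    h[0] = HDR_SIZE;
    h[OFF_BITCOUNT] = (uint8_t)(bpp & 0xff); h[OFF_BITCOUNT + 1] = (uint8_t)(bpp >> 8);
    for (int i = 0; i < 4; i++) h[OFF_CLRUSED + i] = (uint8_t)((clr_used >> (8 * i)) & 0xff);
}

int main(void)
{
    uint8_t h[HDR_SIZE];
    make_header(h, 0x8008, 0); /* constructed out-of-range depth */
    printf("signed=%d unsigned=%u entries=%ld\n",
           bitcount_signed(h), bitcount_unsigned(h), bmp_palette_entries(h, sizeof h));
    return 0;
}
```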

See also :

http://support.google.com/picasa/answer/53209

Solution :

Upgrade to Google Picasa 3.9 Build 3.9.14.34 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 65926

Bugtraq ID: 35451, 58613

CVE ID: CVE-2009-2285