Google Picasa < 3.9 Build Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote Mac OS X host contains a photo organization application that
is affected by multiple vulnerabilities.

Description :

The installed version of Google Picasa is earlier than 3.9 Build As such, it is affected by the following vulnerabilities:

- A buffer underflow vulnerability exists in the
'LZWDecodeCompat' function in the LibTIFF library. An
attacker could exploit this issue through the use of a
specially crafted TIFF image, potentially causing a
denial of service. (CVE-2009-2285)

- A sign-extension flaw exists that is triggered by the
'biBitCount' field that is not properly validated when
processing the BMP color table. An attacker could
exploit this issue though a specially crafted BMP image,
potentially causing a heap-based buffer overflow
resulting in a denial of service or arbitrary code

See also :

Solution :

Upgrade to Google Picasa 3.9 Build or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 65926 ()

Bugtraq ID: 35451

CVE ID: CVE-2009-2285