Google Picasa < 3.9 Build 137.119 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a photo organization application
that is affected by multiple vulnerabilities.

Description :

The version of Google Picasa installed on the remote host is earlier
than 3.9 Build 137.119. As such, it is affected by the following
vulnerabilities :

- An integer underflow vulnerability exists when parsing
Canon RAW CR2 files containing a JPEG tag with a value
greater than 0xFF00 and a size smaller than 2.
(CVE-2013-5349)

- An integer overflow vulnerability exists when parsing
Canon RAW CR2 files with an excessively large
'StripByteCounts' TIFF tag. (CVE-2013-5357)

- A memory corruption vulnerability exists due to a
boundary error when parsing TIFF tags with the model set
to 'DSLR-A100' and containing multiple sequences of
0x100 and 0x14A tags. (CVE-2013-5358)

- A buffer overflow vulnerability exists due to an error
when parsing a specially crafted KDC file with a size
of 71 bytes. (CVE-2013-5359)

Exploitation of these vulnerabilities could result in a denial of
service or arbitrary code execution.

See also :

http://support.google.com/picasa/answer/53209
http://secunia.com/secunia_research/2013-14/

Solution :

Upgrade to Picasa 3.9.0 Build 137.119 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 71898

Bugtraq ID: 64466, 64467, 64468, 64470

CVE ID: CVE-2013-5349, CVE-2013-5357, CVE-2013-5358, CVE-2013-5359