Google Picasa < 3.9 Build 136.17 Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The photo organizer running on the remote Windows host has multiple

Description :

The version of Google Picasa running on the remote host is earlier than
3.9 Build 136.17. As such, it is affected by the following

- A buffer underflow vulnerability exists in the
'LZWDecodeCompat' function in the LibTIFF library. An
attacker could exploit this issue through the use of a
specially crafted TIFF image, potentially causing a
denial of service. (CVE-2009-2285)

- A sign-extension flaw exists that is triggered by the
'biBitCount' field that is not properly validated when
processing the BMP color table. An attacker could
exploit this issue though a specially crafted BMP image,
potentially causing a heap-based buffer overflow
resulting in a denial of service or arbitrary code

See also :

Solution :

Upgrade to Picasa 3.9.0 build 136.17 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 65925 ()

Bugtraq ID: 35451

CVE ID: CVE-2009-2285

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now