Google Picasa < 3.9 Build 137.69 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

A photo organizer installed on the remote Windows host has multiple
vulnerabilities.

Description :

The version of Google Picasa installed on the remote host is earlier
than 3.9 Build 137.69. As such, it is affected by the following
vulnerabilities in the main executable (Picasa3.exe) :

- An integer underflow vulnerability exists when parsing
Canon RAW CR2 files containing a JPEG tag with a value
greater than 0xFF00 and a size smaller than 2.
(CVE-2013-5349)

- An integer overflow vulnerability exists when parsing
Canon RAW CR2 files with an excessively large
'StripByteCounts' TIFF tag. (CVE-2013-5357)

- A memory corruption vulnerability exists due to a
boundary error when parsing TIFF tags with the model set
to 'DSLR-A100' and containing multiple sequences of
0x100 and 0x14A tags. (CVE-2013-5358)

- A buffer overflow vulnerability exists due to an error
when parsing a specially crafted KDC file with a size
of 71 bytes. (CVE-2013-5359)

Exploitation of these vulnerabilities could result in a denial of
service or arbitrary code execution.
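
For hosts that cannot be upgraded immediately, the following added example (not Tenable's plugin code and not Picasa's parser) pre-screens TIFF-based files such as CR2 for the 'StripByteCounts' condition behind CVE-2013-5357. It assumes "excessively large" means a strip that extends past the end of the file, walks only the main IFD chain (no SubIFD or Exif pointers), and uses a constructed sample file.

```python
import struct

STRIP_OFFSETS, STRIP_BYTE_COUNTS = 0x111, 0x117  # standard TIFF tag ids
FMT = {3: "H", 4: "I"}                           # TIFF SHORT and LONG types

def _values(data, e, typ, count, raw):
    """Decode SHORT/LONG entry values, stored inline or at an offset."""
    if typ not in FMT or not 0 < count <= 65536:
        return None
    total = struct.calcsize(e + FMT[typ]) * count
    if total > 4:                                # value field is an offset
        off = struct.unpack(e + "I", raw)[0]
        raw = data[off:off + total]
    if len(raw) < total:
        return None
    return list(struct.unpack(e + FMT[typ] * count, raw[:total]))

def check_strips(data):
    """Return findings; an empty list means every strip fits in the file."""
    if data[:4] not in (b"II*\x00", b"MM\x00*") or len(data) < 8:
        return ["not a TIFF container"]
    e = "<" if data[:2] == b"II" else ">"
    ifd = struct.unpack(e + "I", data[4:8])[0]
    findings, seen = [], set()
    while ifd and ifd not in seen:               # walk IFD chain, guard loops
        seen.add(ifd)
        if ifd + 2 > len(data):
            return findings + ["IFD offset outside file"]
        n = struct.unpack(e + "H", data[ifd:ifd + 2])[0]
        end = ifd + 2 + 12 * n
        if end + 4 > len(data):
            return findings + ["IFD truncated"]
        tags = {}
        for p in range(ifd + 2, end, 12):
            tag, typ, count = struct.unpack(e + "HHI", data[p:p + 8])
            if tag in (STRIP_OFFSETS, STRIP_BYTE_COUNTS):
                tags[tag] = _values(data, e, typ, count, data[p + 8:p + 12])
        if tags:
            offs, cnts = tags.get(STRIP_OFFSETS), tags.get(STRIP_BYTE_COUNTS)
            if not offs or not cnts or len(offs) != len(cnts):
                findings.append("strip tags missing, undecodable or mismatched")
            else:
                findings += [f"strip at {o} claims {c} bytes, file has {len(data)}"
                             for o, c in zip(offs, cnts) if o + c > len(data)]
        ifd = struct.unpack(e + "I", data[end:end + 4])[0]
    return findings

def sample_tiff(byte_count):  # constructed: one IFD, 16-byte strip at offset 38
    ifd = struct.pack("<HHHIIHHIII", 2, 0x111, 4, 1, 38, 0x117, 4, 1, byte_count, 0)
    return b"II" + struct.pack("<HI", 42, 8) + ifd + b"\x00" * 16
```

A non-empty result is a reason to quarantine the file before any image viewer opens it; it does not replace the upgrade.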

See also :

http://support.google.com/picasa/answer/53209
http://secunia.com/secunia_research/2013-14/

Solution :

Upgrade to Picasa 3.9.0 Build 137.69 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 71897

Bugtraq ID: 64466
64467
64468
64470

CVE ID: CVE-2013-5349
CVE-2013-5357
CVE-2013-5358
CVE-2013-5359
