Google Picasa < 3.9 Build 137.119 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Mac OS X host contains a photo organization application
that is affected by multiple vulnerabilities.

Description :

The version of Google Picasa installed on the remote host is earlier
than 3.9 Build 137.119. As such, it is affected by the following
vulnerabilities :

- An integer underflow vulnerability exists when parsing
Canon RAW CR2 files containing a JPEG tag with the value
greater than 0xFF00 and the size smaller than 2.

- An integer overflow vulnerability exists due to parsing
Canon RAW CR2 files with excessively large
'StripByteCounts' TIFF tag. (CVE-2013-5357)

- A memory corruption vulnerability exists due to a
boundary error when parsing TIFF tags with the model set
to 'DSLR-A100' and containing multiple sequences of
0x100 and 0x14A tags. (CVE-2013-5358)

- A buffer overflow vulnerability exists due to an error
when parsing a specially crafted KDC file with a size
of 71 bytes. (CVE-2013-5359)

Exploitation of these vulnerabilities could result in a denial of
service or arbitrary code execution.

See also :

Solution :

Upgrade to Picasa 3.9.0 Build 137.119 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 71898 ()

Bugtraq ID: 64466

CVE ID: CVE-2013-5349

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now