Ravens PHP Scripts

Google Picasa JPEG Processing Integer Overflow Vulnerability
Date: Wednesday, February 24, 2010 @ 21:35:15 PST
Topic: Security


SECUNIA ADVISORY ID: SA38435

VERIFY ADVISORY: http://secunia.com/advisories/38435/

CRITICAL: Moderately Critical

DESCRIPTION: Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow execution of arbitrary code.



The vulnerability is caused due to an integer overflow error in PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and e.g. zooming in. The vulnerability is confirmed in PicasaPhotoViewer.exe version 3.6.95.25, included in Google Picasa 3.6 build 95.25. Prior versions may also be affected.

SOLUTION: Update to version 3.6 build 105.41.

PROVIDED AND/OR DISCOVERED BY: Tielei Wang from ICST-ERCIS, reported through Secunia






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3791