Google Picasa JPEG Image Processing Integer Overflow Vulnerability

Google Picasa is prone to a remote integer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

Vulnerable: Google Picasa 3.6 Build 95.25
Not Vulnerable: Google Picasa 3.6 Build 105.41

Solution:
Reportedly, the vendor has released Picasa 3.6 Build 105.41 to address this issue, but Symantec was unable to confirm this information. Please contact the vendor for more information.

http://www.securityfocus.com/bid/38384/discuss

The non-vulnerable version was released yesterday.
