en

‫ Google Picasa Phase One Tags Processing Integer Overflow Vulnerability


ID: IRCAD2015104107

Release Date: 2015-10-09

Software:

Google Picasa 3.x

Description:

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows. Other versions may also be affected.

Solution

The vendor is currently planning to release a fixed version on 30th October, 2015.

References:

https://support.google.com/picasa/answer/53209?hl=en

Secunia:

https://secunia.com/advisories/59000/

 

 

 


The Wall

No comments
You need to sign in to comment