Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Google Picasa RAW Image Parsing Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Google Picasa RAW Image Parsing Multiple Vulnerabilities

Secunia Google Picasa RAW Image Parsing Multiple Vulnerabilities
Secunia Official 31st Dec, 2013 12:43
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Secunia Research has discovered multiple vulnerabilities in Google Picasa, which can be exploited by malicious people to compromise a user's system.

1) An integer underflow error within the Picasa3.exe module when parsing JPEG tags can be exploited to cause a heap-based buffer overflow via e.g. a Canon RAW CR2 file containing a JPEG tag with the value greater than 0xFF00 and the size smaller than 2.

2) An integer overflow error within the Picasa3.exe module when parsing TIFF tags can be exploited to cause a heap-based buffer overflow via e.g. a Canon RAW CR2 file containing a TIFF StripByteCounts tag with an overly large value.

3) A boundary error within the Picasa3.exe module when parsing TIFF tags can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.

4) An error within the Picasa3.exe module when parsing RAW files can be exploited to cause a stack-based buffer overflow via e.g. a specially crafted KDC file with size exactly equal to 71 bytes.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are confirmed in version 3.9.0 Build 136.20 running on Windows and reported in versions prior to 3.9.0 Build 137.69 running on Mac. Prior versions may also be affected.

Yossarian RE: Google Picasa RAW Image Parsing Multiple Vulnerabilities
Member 31st Dec, 2013 12:43
Score: 3
Posts: 4
User Since: 27th Nov 2010
System Score: 97%
Location: UK
Last edited on 31st Dec, 2013 12:43
The solution given here seems to apply only to Apple Macs.

--
Yossarian
Where was that stooped and mealy-colored old man I used to call poppa when the merry-go-round broke down?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Google Picasa RAW Image Parsing Multiple Vulnerabilities
Handling Contributor 31st Dec, 2013 13:52
Score: 11744
Posts: 9,002
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 2nd Jan, 2014 10:07
You are not reading the advisory correctly.

https://secunia.com/advisories/55555

Google solution for Windows is here:

https://1ncuig.bn1.livefilestore.com/y2pFB9nD0UGei...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer