Google Picasa JPEG Processing Integer Overflow Vulnerability Date: Wednesday, February 24, 2010 @ 21:35:15 CST Topic: Security SECUNIA ADVISORY ID: SA38435 VERIFY ADVISORY: http://secunia.com/advisories/38435/ CRITICAL: Moderately Critical DESCRIPTION: Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow execution of arbitrary code. The vulnerability is caused due to an integer overflow error in PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and e.g. zooming in. The vulnerability is confirmed in PicasaPhotoViewer.exe version 3.6.95.25, included in Google Picasa 3.6 build 95.25. Prior versions may also be affected. SOLUTION: Update to version 3.6 build 105.41. PROVIDED AND/OR DISCOVERED BY: Tielei Wang from ICST-ERCIS, reported through Secunia This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3791