Description
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
Affected products
- Google / picasa3.6_build_105.65
- Google / picasa3.5 – 3.5
- Google / picasa3.5_build_79.67 – 3.5_build_79.67
- Google / picasa3.5_build_79.69 – 3.5_build_79.69
- Google / picasa3.5_build_79.74 – 3.5_build_79.74
- Google / picasa3.5_build_79.81 – 3.5_build_79.81
- Google / picasa3.5_build_95.18 – 3.5_build_95.18
- Google / picasa3.6_build_95.25 – 3.6_build_95.25
- Google / picasa3.6_build_105.41 – 3.6_build_105.41
- Google / picasa3.6_build_105.61 – 3.6_build_105.61
References
- MISChttp://osvdb.org/73980
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/68735
- VENDOR_ADVISORYhttp://secunia.com/advisories/45293
- MISChttp://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1
- MISChttp://www.microsoft.com/technet/security/advisory/msvr11-008.mspx