Google Blogoscoped


Picasa JPEG processing integer overflow vulnerability reported

Juha-Matti Laurio [PersonRank 10]

Wednesday, February 24, 2010
12 years ago2,129 views

More information via Secunia's advisory at

"Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow error in PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and e.g. zooming in."

The non-affected version is 3.6 build 105.41.

Forum home


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!