The bug - confirmed in versions 2.00 through 2.80 - is exploited when a maliciously crafted Tagged Image File Format (TIFF) image is viewed in Photo Viewer, one of PSP's features, according to an advisory from Secunia.
As a temporary fix for the flaw, rated "moderately critical," users should not view untrusted images, the advisory said.
The PSP, which went on sale in the United States in March 2005, can connect to wireless networks, allowing access the internet and the ability to compete against other players across the world.
A Sony spokesperson could not be immediately reached for comment.
As mobile devices continue to grow in popularity, they increasingly will be targeted by hackers, experts have said. McAfee Avert Labs predicted last December that mobile malware would triple in 2006.
Click here to email reporter Dan Kaplan.