CVE-2011-0192

HIGH

Description

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

References

http://blackberry.com/btsc/KB27244

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://secunia.com/advisories/43585

http://secunia.com/advisories/43593

http://secunia.com/advisories/43664

http://secunia.com/advisories/43934

http://secunia.com/advisories/44117

http://secunia.com/advisories/44135

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4565

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://support.apple.com/kb/HT4999

http://support.apple.com/kb/HT5001

http://www.debian.org/security/2011/dsa-2210

http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

http://www.redhat.com/support/errata/RHSA-2011-0318.html

http://www.securityfocus.com/bid/46658

http://www.securitytracker.com/id?1025153

http://www.vupen.com/english/advisories/2011/0551

http://www.vupen.com/english/advisories/2011/0599

http://www.vupen.com/english/advisories/2011/0621

http://www.vupen.com/english/advisories/2011/0845

http://www.vupen.com/english/advisories/2011/0905

http://www.vupen.com/english/advisories/2011/0930

http://www.vupen.com/english/advisories/2011/0960

https://bugzilla.redhat.com/show_bug.cgi?id=678635

Details

Source: MITRE

Published: 2011-03-03

Updated: 2014-02-21

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH