Detections
Analytics

CVE-2011-0192

high

Description

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

References

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

https://bugzilla.redhat.com/show_bug.cgi?id=678635

http://secunia.com/advisories/43585

http://secunia.com/advisories/43593

http://secunia.com/advisories/43664

http://secunia.com/advisories/43934

http://secunia.com/advisories/44117

http://secunia.com/advisories/44135

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4565

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://support.apple.com/kb/HT4999

http://support.apple.com/kb/HT5001

http://www.debian.org/security/2011/dsa-2210

http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

http://www.redhat.com/support/errata/RHSA-2011-0318.html

http://www.securitytracker.com/id?1025153

http://www.vupen.com/english/advisories/2011/0551

http://www.vupen.com/english/advisories/2011/0599

http://www.vupen.com/english/advisories/2011/0621

http://www.vupen.com/english/advisories/2011/0845

http://www.vupen.com/english/advisories/2011/0905

http://www.vupen.com/english/advisories/2011/0930

http://www.vupen.com/english/advisories/2011/0960

Details

Published: 2011-03-03

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High