CVE - CVE-2011-0192

CVE-ID
CVE-2011-0192	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://support.apple.com/kb/HT4554 CONFIRM:http://support.apple.com/kb/HT4564 CONFIRM:http://support.apple.com/kb/HT4565 CONFIRM:http://support.apple.com/kb/HT4566 CONFIRM:http://support.apple.com/kb/HT4581 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=678635 CONFIRM:http://blackberry.com/btsc/KB27244 CONFIRM:http://support.apple.com/kb/HT4999 CONFIRM:http://support.apple.com/kb/HT5001 APPLE:APPLE-SA-2011-03-02-1 URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html APPLE:APPLE-SA-2011-03-09-1 URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html APPLE:APPLE-SA-2011-03-09-2 URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html APPLE:APPLE-SA-2011-03-09-3 URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html APPLE:APPLE-SA-2011-03-21-1 URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html APPLE:APPLE-SA-2011-10-12-1 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html APPLE:APPLE-SA-2011-10-12-2 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html DEBIAN:DSA-2210 URL:http://www.debian.org/security/2011/dsa-2210 FEDORA:FEDORA-2011-2498 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html FEDORA:FEDORA-2011-2540 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html FEDORA:FEDORA-2011-3827 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html FEDORA:FEDORA-2011-3836 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html GENTOO:GLSA-201209-02 URL:http://security.gentoo.org/glsa/glsa-201209-02.xml MANDRIVA:MDVSA-2011:043 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 REDHAT:RHSA-2011:0318 URL:http://www.redhat.com/support/errata/RHSA-2011-0318.html SLACKWARE:SSA:2011-098-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 SUSE:SUSE-SR:2011:005 URL:http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html SUSE:SUSE-SR:2011:009 URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html BID:46658 URL:http://www.securityfocus.com/bid/46658 SECTRACK:1025153 URL:http://www.securitytracker.com/id?1025153 SECUNIA:43585 URL:http://secunia.com/advisories/43585 SECUNIA:43593 URL:http://secunia.com/advisories/43593 SECUNIA:43664 URL:http://secunia.com/advisories/43664 SECUNIA:43934 URL:http://secunia.com/advisories/43934 SECUNIA:44117 URL:http://secunia.com/advisories/44117 SECUNIA:44135 URL:http://secunia.com/advisories/44135 SECUNIA:50726 URL:http://secunia.com/advisories/50726 VUPEN:ADV-2011-0621 URL:http://www.vupen.com/english/advisories/2011/0621 VUPEN:ADV-2011-0551 URL:http://www.vupen.com/english/advisories/2011/0551 VUPEN:ADV-2011-0599 URL:http://www.vupen.com/english/advisories/2011/0599 VUPEN:ADV-2011-0845 URL:http://www.vupen.com/english/advisories/2011/0845 VUPEN:ADV-2011-0905 URL:http://www.vupen.com/english/advisories/2011/0905 VUPEN:ADV-2011-0930 URL:http://www.vupen.com/english/advisories/2011/0930 VUPEN:ADV-2011-0960 URL:http://www.vupen.com/english/advisories/2011/0960
Assigning CNA
N/A
Date Entry Created
20101223	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101223)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org