CVE - CVE-2011-0192

CVE-ID
CVE-2011-0192	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2011-03-02-1 URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html APPLE:APPLE-SA-2011-03-09-1 URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html APPLE:APPLE-SA-2011-03-09-2 URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html APPLE:APPLE-SA-2011-03-09-3 URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html APPLE:APPLE-SA-2011-03-21-1 URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html APPLE:APPLE-SA-2011-10-12-1 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html APPLE:APPLE-SA-2011-10-12-2 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html BID:46658 URL:http://www.securityfocus.com/bid/46658 CONFIRM:http://blackberry.com/btsc/KB27244 CONFIRM:http://support.apple.com/kb/HT4554 CONFIRM:http://support.apple.com/kb/HT4564 CONFIRM:http://support.apple.com/kb/HT4565 CONFIRM:http://support.apple.com/kb/HT4566 CONFIRM:http://support.apple.com/kb/HT4581 CONFIRM:http://support.apple.com/kb/HT4999 CONFIRM:http://support.apple.com/kb/HT5001 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=678635 DEBIAN:DSA-2210 URL:http://www.debian.org/security/2011/dsa-2210 FEDORA:FEDORA-2011-2498 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html FEDORA:FEDORA-2011-2540 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html FEDORA:FEDORA-2011-3827 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html FEDORA:FEDORA-2011-3836 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html GENTOO:GLSA-201209-02 URL:http://security.gentoo.org/glsa/glsa-201209-02.xml MANDRIVA:MDVSA-2011:043 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 REDHAT:RHSA-2011:0318 URL:http://www.redhat.com/support/errata/RHSA-2011-0318.html SECTRACK:1025153 URL:http://www.securitytracker.com/id?1025153 SECUNIA:43585 URL:http://secunia.com/advisories/43585 SECUNIA:43593 URL:http://secunia.com/advisories/43593 SECUNIA:43664 URL:http://secunia.com/advisories/43664 SECUNIA:43934 URL:http://secunia.com/advisories/43934 SECUNIA:44117 URL:http://secunia.com/advisories/44117 SECUNIA:44135 URL:http://secunia.com/advisories/44135 SECUNIA:50726 URL:http://secunia.com/advisories/50726 SLACKWARE:SSA:2011-098-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820 SUSE:SUSE-SR:2011:005 URL:http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html SUSE:SUSE-SR:2011:009 URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html VUPEN:ADV-2011-0551 URL:http://www.vupen.com/english/advisories/2011/0551 VUPEN:ADV-2011-0599 URL:http://www.vupen.com/english/advisories/2011/0599 VUPEN:ADV-2011-0621 URL:http://www.vupen.com/english/advisories/2011/0621 VUPEN:ADV-2011-0845 URL:http://www.vupen.com/english/advisories/2011/0845 VUPEN:ADV-2011-0905 URL:http://www.vupen.com/english/advisories/2011/0905 VUPEN:ADV-2011-0930 URL:http://www.vupen.com/english/advisories/2011/0930 VUPEN:ADV-2011-0960 URL:http://www.vupen.com/english/advisories/2011/0960
Assigning CNA
Apple Inc.
Date Record Created
20101223	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101223)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)