Home > Vulnerability Database > CVE-2011-0192

Mend.io Vulnerability Database

CVE-2011-0192

Good to know:

Date: March 3, 2011

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

Language: C

Severity Score

8.1

Related Resources (46)

Url: http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

Url: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

Url: http://blackberry.com/btsc/KB27244

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

Url: http://www.redhat.com/support/errata/RHSA-2011-0318.html

Url: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Url: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Url: http://support.apple.com/kb/HT4581

Url: http://secunia.com/advisories/44135

Url: http://secunia.com/advisories/43585

Url: http://www.vupen.com/english/advisories/2011/0930

Url: http://www.vupen.com/english/advisories/2011/0599

Url: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

Url: http://support.apple.com/kb/HT4565

Url: http://support.apple.com/kb/HT4564

Url: http://secunia.com/advisories/50726

Url: http://support.apple.com/kb/HT4566

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

Url: http://www.debian.org/security/2011/dsa-2210

Url: http://security.gentoo.org/glsa/glsa-201209-02.xml

Url: http://secunia.com/advisories/44117

Url: http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

Url: http://secunia.com/advisories/43664

Url: http://www.vupen.com/english/advisories/2011/0551

Url: http://support.apple.com/kb/HT5001

Url: http://www.securityfocus.com/bid/46658

Url: http://www.vupen.com/english/advisories/2011/0905

Url: http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0192

Url: https://bugzilla.redhat.com/show_bug.cgi?id=678635

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

Url: http://secunia.com/advisories/43593

Url: http://www.vupen.com/english/advisories/2011/0621

Url: http://support.apple.com/kb/HT4999

Url: http://support.apple.com/kb/HT4554

Url: http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

Url: http://www.securitytracker.com/id?1025153

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

Url: http://www.vupen.com/english/advisories/2011/0845

Url: http://secunia.com/advisories/43934

Url: http://www.vupen.com/english/advisories/2011/0960

Url: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Url: https://access.redhat.com/security/cve/CVE-2011-0192

Url: https://www.mend.io/vulnerability-database/CVE-2011-0192

Severity Score

8.1

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

Upgrade Version

Upgrade to version Release-v4-0-0beta7

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-0192

Good to know:

Date: March 3, 2011

Language: C

Severity Score

Related Resources (46)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?