Published: 03/03/2011 Updated: 21/02/2014

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes prior to 10.2 on Windows and other products, allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple itunes 4.1.0
apple itunes 4.2.0
apple itunes 4.7.1
apple itunes 4.7.2
apple itunes 6.0.1
apple itunes 6.0.2
apple itunes 6.0.3
apple itunes 7.1.0
apple itunes 7.1.1
apple itunes 7.4.1
apple itunes 7.4.2
apple itunes 4.0.0
apple itunes 4.0.1
apple itunes 4.7
apple itunes 4.7.0
apple itunes 5.0.1
apple itunes 6.0.0
apple itunes 7.0.1
apple itunes 7.0.2
apple itunes 7.4
apple itunes 7.4.0
apple itunes 7.6.0
apple itunes 7.6.1
apple itunes 7.6.2
apple itunes 8.1
apple itunes 8.1.1
apple itunes 9.2
apple itunes 9.2.1
apple itunes 7.7
apple itunes 7.7.0
apple itunes 8.2
apple itunes 8.2.1
apple itunes 10.0
apple itunes 10.0.1
apple itunes 4.5
apple itunes 4.5.0
apple itunes 4.8.0
apple itunes 4.9.0
apple itunes 6.0.4
apple itunes 6.0.5
apple itunes 7.2.0
apple itunes 7.3.0
apple itunes 7.4.3
apple itunes 7.5
apple itunes 7.7.1
apple itunes 8.0.0
apple itunes 9.0.0
apple itunes 9.0.1
apple itunes 10.1
apple itunes 10.1.1
apple itunes 4.6
apple itunes 4.6.0
apple itunes 5.0
apple itunes 5.0.0
apple itunes 6.0.4.2
apple itunes 7.0.0
apple itunes 7.3.1
apple itunes 7.3.2
apple itunes 7.5.0
apple itunes 7.6
apple itunes 8.0.1
apple itunes 8.0.2
apple itunes 9.0.2
apple itunes 9.0.3
apple itunes

Several vulnerabilities were discovered in the TIFF manipulation and conversion library: CVE-2011-0191 A buffer overflow allows to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding This issue affects the Debian 50 Lenny package only CVE-2011-0192 A buffer overflow allows to execute arbitrary ...

Certain applications could be made to run programs as your login if they opened a specially crafted TIFF file ...

Fix regression in CCITTFAX4 processing ...

CWE-119 http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://support.apple.com/kb/HT4565 http://support.apple.com/kb/HT4566 http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://support.apple.com/kb/HT4581 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://www.securityfocus.com/bid/46657 http://secunia.com/advisories/43934 http://www.debian.org/security/2011/dsa-2210 http://www.mandriva.com/security/advisories?name=MDVSA-2011:064 http://www.vupen.com/english/advisories/2011/0845 http://www.vupen.com/english/advisories/2011/0859 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html https://nvd.nist.gov https://www.debian.org/security/./dsa-2210 https://usn.ubuntu.com/1085-1/

CVE-2011-0191

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect