CVE-2011-0192
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.6 High
AI Score
Confidence
High
0.048 Low
EPSS
Percentile
92.7%
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Affected configurations
References
blackberry.com/btsc/KB27244
lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html
lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
secunia.com/advisories/43585
secunia.com/advisories/43593
secunia.com/advisories/43664
secunia.com/advisories/43934
secunia.com/advisories/44117
secunia.com/advisories/44135
secunia.com/advisories/50726
security.gentoo.org/glsa/glsa-201209-02.xml
slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
support.apple.com/kb/HT4554
support.apple.com/kb/HT4564
support.apple.com/kb/HT4565
support.apple.com/kb/HT4566
support.apple.com/kb/HT4581
support.apple.com/kb/HT4999
support.apple.com/kb/HT5001
www.debian.org/security/2011/dsa-2210
www.mandriva.com/security/advisories?name=MDVSA-2011:043
www.redhat.com/support/errata/RHSA-2011-0318.html
www.securityfocus.com/bid/46658
www.securitytracker.com/id?1025153
www.vupen.com/english/advisories/2011/0551
www.vupen.com/english/advisories/2011/0599
www.vupen.com/english/advisories/2011/0621
www.vupen.com/english/advisories/2011/0845
www.vupen.com/english/advisories/2011/0905
www.vupen.com/english/advisories/2011/0930
www.vupen.com/english/advisories/2011/0960
bugzilla.redhat.com/show_bug.cgi?id=678635
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.6 High
AI Score
Confidence
High
0.048 Low
EPSS
Percentile
92.7%