CVE-2011-0191
Published 2011-03-03
Priority P3 · 41 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 6.72% (93.1th percentile)
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Affected
66 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | <= 10.1.2 | — |
| apple | itunes | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 · CRITICAL
vendor_debian · 9.3 · CRITICAL
vendor_redhat · 9.3 · CRITICAL
vendor_ubuntu · 4.3 · MEDIUM
Ubuntu
tiff regression
vendor_ubuntu·2011-03-15·CVSS 4.3
[MEDIUM] tiff regression
Title: tiff regression
Summary: Fix regression in CCITTFAX4 processing.
USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream
fixes were incomplete and created problems for certain CCITTFAX4 files.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
valu
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: buffer overflow in JPEGDecode
vendor_redhat·2011-03-02·CVSS 9.3
CVE-2011-0191 [CRITICAL] libtiff: buffer overflow in JPEGDecode
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Statement: Not vulnerable. This issue did not affect the versions of libtiff as
shipped with Red Hat Enterprise Linux 4, 5, or 6.
Package: libtiff (Red Hat Enterprise Linux 4) - Not affected
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-0191: tiff - Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO...
vendor_debian·2011·CVSS 9.3
CVE-2011-0191 [CRITICAL] CVE-2011-0191: tiff - Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO...
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (fixed in 3.9.4-1)
trixie: resolved (fixed in 3.9.4-1)
GHSA
GHSA-pwgp-gqwq-5w86: Buffer overflow in LibTIFF 3
ghsa_unreviewed·2022-05-17
CVE-2011-0191 [HIGH] CWE-119 GHSA-pwgp-gqwq-5w86: Buffer overflow in LibTIFF 3
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
OSV
CVE-2011-0191: Buffer overflow in LibTIFF 3
osv·2011-03-03·CVSS 9.3
CVE-2011-0191 [CRITICAL] CVE-2011-0191: Buffer overflow in LibTIFF 3
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-4575 JMX Console: XSS in invoke operation
bugzilla·2011-12-06·CVSS 4.3
CVE-2011-4575 [MEDIUM] CVE-2011-4575 JMX Console: XSS in invoke operation
CVE-2011-4575 JMX Console: XSS in invoke operation
The parameters passed to operation invocations on the JMX console are not properly sanitized. Remote attackers can use this flaw to inject arbitrary web script or HTML into the JMX console.
Discussion:
Acknowledgment:
Red Hat would like to thank Tyler Krpata for reporting this issue.
---
This issue has been addressed in following products:
JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-201
Bugzilla
CVE-2011-0191 libtiff: buffer overflow in JPEGDecode
bugzilla·2011-02-21·CVSS 9.3
CVE-2011-0191 [CRITICAL] CVE-2011-0191 libtiff: buffer overflow in JPEGDecode
A heap-based buffer overflow was found in the way TIFF (Tagged Image File
Format) image files manipulating library parsed certain malformed tiff files.
This can be triggered only if libtiff is compiled with JPEG.
If an attacker created a specially-crafted image file and tricked a local,
unsuspecting user into loading the image file in an application that uses
the TIFF image manipulating library, it could cause that application to
crash or, potentially, execute arbitrary code with the privileges of
the user running the application.
Discussion:
Note:
This bug does not affect the version of libtiff 3.8.X shipped with rhel-5 because libtiff is patched with libtiff-jpeg-scanline.patch, which mitigates the patch.
Upstream bug link:
http:/
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/43934
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://www.securityfocus.com/bid/46657
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859
Published: 2011-03-03