CVE-2011-0191 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

9.3CRITICALNVD

EPSS

18.9%

top 4.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Apple Itunes

Timeline

PublishedMar 3

Latest updateMay 17

Description

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/itunes10.1.2+64

▶debiandebian/tiff< tiff 3.9.4-1 (bookworm)

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-pwgp-gqwq-5w86: Buffer overflow in LibTIFF 3↗2022-05-17

▶

OSV

CVE-2011-0191: Buffer overflow in LibTIFF 3↗2011-03-03

▶

📋Vendor Advisories

Ubuntu

tiff regression↗2011-03-15

▶

Ubuntu

tiff vulnerabilities↗2011-03-07

▶

Red Hat

libtiff: buffer overflow in JPEGDecode↗2011-03-02

▶

Debian

CVE-2011-0191: tiff - Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO...↗2011

▶

💬Community

Bugzilla

CVE-2011-4575 JMX Console: XSS in invoke operation↗2011-12-06

▶

Bugzilla

CVE-2011-0191 libtiff: buffer overflow in JPEGDecode↗2011-02-21

▶