CVE-2011-0192
published 2011-03-03CVE-2011-0192: Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products…
PriorityP344critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
7.47%
93.7th percentile
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Affected
66 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | <= 10.1.2 | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: buffer overflow in Fax4Decode
vendor_redhat·2011-03-02·CVSS 9.3
CVE-2011-0192 [CRITICAL] libtiff: buffer overflow in Fax4Decode
libtiff: buffer overflow in Fax4Decode
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Debian
CVE-2011-0192: tiff - Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as u...
vendor_debian·2011·CVSS 9.3
CVE-2011-0192 [CRITICAL] CVE-2011-0192: tiff - Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as u...
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 3.9.4-7)
bullseye: resolved (fixed in 3.9.4-7)
forky: resolved (fixed in 3.9.4-7)
sid: resolved (fixed in 3.9.4-7)
trixie: resolved (fixed in 3.9.4-7)
GHSA
GHSA-8jmv-mmc9-gx7j: Buffer overflow in Fax4Decode in LibTIFF 3
ghsa_unreviewed·2022-05-17
CVE-2011-0192 [HIGH] CWE-119 GHSA-8jmv-mmc9-gx7j: Buffer overflow in Fax4Decode in LibTIFF 3
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
OSV
CVE-2011-0192: Buffer overflow in Fax4Decode in LibTIFF 3
osv·2011-03-03·CVSS 9.3
CVE-2011-0192 [CRITICAL] CVE-2011-0192: Buffer overflow in Fax4Decode in LibTIFF 3
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-4575 JMX Console: XSS in invoke operation
bugzilla·2011-12-06·CVSS 4.3
CVE-2011-4575 [MEDIUM] CVE-2011-4575 JMX Console: XSS in invoke operation
CVE-2011-4575 JMX Console: XSS in invoke operation
The parameters passed to operation invocations on the JMX console are not properly sanitized. Remote attackers can use this flaw to inject arbitrary web script or HTML into the JMX console.
Discussion:
Acknowledgment:
Red Hat would like to thank Tyler Krpata for reporting this issue.
---
This issue has been addressed in following products:
JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-201
Bugzilla
Regression in libtiff due to CVE-2011-0192 fix
bugzilla·2011-03-18·CVSS 9.3
CVE-2011-0192 [CRITICAL] Regression in libtiff due to CVE-2011-0192 fix
Regression in libtiff due to CVE-2011-0192 fix
This bug is not for a security flaw. It is a tracking bug
for regression introduced due to CVE-2011-0192 fix in libtiff
Discussion:
*** Bug 682883 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0392 https://rhn.redhat.com/errata/RHSA-2011-0392.html
Bugzilla
CVE-2011-0192 libtiff: buffer overflow in Fax4Decode [fedora-all]
bugzilla·2011-03-02·CVSS 9.3
CVE-2011-0192 [CRITICAL] CVE-2011-0192 libtiff: buffer overflow in Fax4Decode [fedora-all]
CVE-2011-0192 libtiff: buffer overflow in Fax4Decode [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=678635
Please note: this issue affects multiple supporte
Bugzilla
CVE-2011-0192 libtiff: buffer overflow in Fax4Decode
bugzilla·2011-02-18·CVSS 9.3
CVE-2011-0192 [CRITICAL] CVE-2011-0192 libtiff: buffer overflow in Fax4Decode
CVE-2011-0192 libtiff: buffer overflow in Fax4Decode
A heap-based buffer overflow was found in the way TIFF (Tagged Image File
Format) image files manipulating library expanded certain rows of 2D-encoded
data, when processing TIFF Internet Fax image files, compressed with CCITT
group 4 compression algorithm. If an attacker created a specially-crafted
image file and tricked a local, unsuspecting user into loading the image
file in an application that uses the TIFF image manipulating library, it
could cause that application to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.
Discussion:
This issue affects the version of the libtiff package, as shipped
with Red Hat Enterprise Linux 4, 5, and 6.
--
This issue affects the versions of th
http://blackberry.com/btsc/KB27244http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.htmlhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2011//Mar/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlhttp://lists.apple.com/archives/security-announce/2011//Mar/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://secunia.com/advisories/43585http://secunia.com/advisories/43593http://secunia.com/advisories/43664http://secunia.com/advisories/43934http://secunia.com/advisories/44117http://secunia.com/advisories/44135http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820http://support.apple.com/kb/HT4554http://support.apple.com/kb/HT4564http://support.apple.com/kb/HT4565http://support.apple.com/kb/HT4566http://support.apple.com/kb/HT4581http://support.apple.com/kb/HT4999http://support.apple.com/kb/HT5001http://www.debian.org/security/2011/dsa-2210http://www.mandriva.com/security/advisories?name=MDVSA-2011:043http://www.redhat.com/support/errata/RHSA-2011-0318.htmlhttp://www.securityfocus.com/bid/46658http://www.securitytracker.com/id?1025153http://www.vupen.com/english/advisories/2011/0551http://www.vupen.com/english/advisories/2011/0599http://www.vupen.com/english/advisories/2011/0621http://www.vupen.com/english/advisories/2011/0845http://www.vupen.com/english/advisories/2011/0905http://www.vupen.com/english/advisories/2011/0930http://www.vupen.com/english/advisories/2011/0960https://bugzilla.redhat.com/show_bug.cgi?id=678635http://blackberry.com/btsc/KB27244http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.htmlhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2011//Mar/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlhttp://lists.apple.com/archives/security-announce/2011//Mar/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://secunia.com/advisories/43585http://secunia.com/advisories/43593http://secunia.com/advisories/43664http://secunia.com/advisories/43934http://secunia.com/advisories/44117http://secunia.com/advisories/44135http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820http://support.apple.com/kb/HT4554http://support.apple.com/kb/HT4564http://support.apple.com/kb/HT4565http://support.apple.com/kb/HT4566http://support.apple.com/kb/HT4581http://support.apple.com/kb/HT4999http://support.apple.com/kb/HT5001http://www.debian.org/security/2011/dsa-2210http://www.mandriva.com/security/advisories?name=MDVSA-2011:043http://www.redhat.com/support/errata/RHSA-2011-0318.htmlhttp://www.securityfocus.com/bid/46658http://www.securitytracker.com/id?1025153http://www.vupen.com/english/advisories/2011/0551http://www.vupen.com/english/advisories/2011/0599http://www.vupen.com/english/advisories/2011/0621http://www.vupen.com/english/advisories/2011/0845http://www.vupen.com/english/advisories/2011/0905http://www.vupen.com/english/advisories/2011/0930http://www.vupen.com/english/advisories/2011/0960https://bugzilla.redhat.com/show_bug.cgi?id=678635
2011-03-03
Published