CVE-2011-0192
iTunes < 10.2 - Remote Code Execution via Crafted TIFF Internet Fax Image
Title source: llmDescription
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
References (43)
Core 43
Core References
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4565
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0845
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0599
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46658
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43934
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4566
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0621
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0905
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2210
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Various Sources x_refsource_confirm
http://blackberry.com/btsc/KB27244
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0318.html
Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43664
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0551
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-02.xml
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0930
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4999
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=678635
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025153
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5001
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4554
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44135
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0960
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43585
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44117
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:043
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43593
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50726
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581
Scores
EPSS
0.0747
EPSS Percentile
93.8%
Details
CWE
CWE-119
Status
published
Products (50)
apple/itunes
4.0.0
apple/itunes
4.0.1
apple/itunes
4.1.0
apple/itunes
4.2.0
apple/itunes
4.5
apple/itunes
4.5.0
apple/itunes
4.6
apple/itunes
4.6.0
apple/itunes
4.7
apple/itunes
4.7.0
... and 40 more
Published
Mar 03, 2011
Tracked Since
Feb 18, 2026