[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-0192

Date: (C)2011-03-03   (M)2017-05-05
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

Reference:
SECTRACK-1025153
SECUNIA-43585
SECUNIA-43593
SECUNIA-43664
SECUNIA-43934
SECUNIA-44117
SECUNIA-44135
BID-46658
SECUNIA-50726
ADV-2011-0551
ADV-2011-0599
ADV-2011-0621
ADV-2011-0845
ADV-2011-0905
ADV-2011-0930
ADV-2011-0960
APPLE-SA-2011-03-02-1
APPLE-SA-2011-03-09-1
APPLE-SA-2011-03-09-2
APPLE-SA-2011-03-09-3
APPLE-SA-2011-03-21-1
APPLE-SA-2011-10-12-1
APPLE-SA-2011-10-12-2
DSA-2210
FEDORA-2011-2498
FEDORA-2011-2540
FEDORA-2011-3827
FEDORA-2011-3836
GLSA-201209-02
IAVM:2011-B-0096
MDVSA-2011:043
RHSA-2011:0318
SSA:2011-098-01
SUSE-SR:2011:005
SUSE-SR:2011:009
http://blackberry.com/btsc/KB27244
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4581
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
https://bugzilla.redhat.com/show_bug.cgi?id=678635

CPE    59
cpe:/a:apple:itunes:10.0
cpe:/a:apple:itunes:10.1
cpe:/a:apple:itunes:10.0.1
cpe:/a:apple:itunes:9.0.0
...
CWE    1
CWE-119
OVAL    28
oval:org.secpod.oval:def:202864
oval:org.secpod.oval:def:101274
oval:org.secpod.oval:def:103160
oval:org.secpod.oval:def:202844
...

© 2013 SecPod Technologies