
CVE-2011-0192
Date: (C)2011-03-03   (M)2018-06-11


Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 9.3
Exploit Score: 8.6
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

CVSS V3 Severity and Metrics: (no values listed)

Reference:
SECTRACK-1025153
SECUNIA-43585
SECUNIA-43593
SECUNIA-43664
SECUNIA-43934
SECUNIA-44117
SECUNIA-44135
BID-46658
SECUNIA-50726
ADV-2011-0551
ADV-2011-0599
ADV-2011-0621
ADV-2011-0845
ADV-2011-0905
ADV-2011-0930
ADV-2011-0960
APPLE-SA-2011-03-02-1
APPLE-SA-2011-03-09-1
APPLE-SA-2011-03-09-2
APPLE-SA-2011-03-09-3
APPLE-SA-2011-03-21-1
APPLE-SA-2011-10-12-1
APPLE-SA-2011-10-12-2
DSA-2210
FEDORA-2011-2498
FEDORA-2011-2540
FEDORA-2011-3827
FEDORA-2011-3836
GLSA-201209-02
IAVM:2011-B-0096
MDVSA-2011:043
RHSA-2011:0318
SSA:2011-098-01
SUSE-SR:2011:005
SUSE-SR:2011:009
http://blackberry.com/btsc/KB27244
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4581
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
https://bugzilla.redhat.com/show_bug.cgi?id=678635

CPE    59
cpe:/a:apple:itunes:5.0.1
cpe:/a:apple:itunes:5.0.0
cpe:/a:apple:itunes:4.2.0
cpe:/a:apple:itunes:7.4.3
...
CWE    1
CWE-119
OVAL    28
oval:org.secpod.oval:def:600575
oval:org.secpod.oval:def:600561
oval:org.secpod.oval:def:700257
oval:org.secpod.oval:def:362
...

© SecPod Technologies