CVE-2011-0191

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
appleitunes
𝑥
≤ 10.1.2
appleitunes
4.0.0
appleitunes
4.0.1
appleitunes
4.1.0
appleitunes
4.2.0
appleitunes
4.5
appleitunes
4.5.0
appleitunes
4.6
appleitunes
4.6.0
appleitunes
4.7
appleitunes
4.7.0
appleitunes
4.7.1
appleitunes
4.7.2
appleitunes
4.8.0
appleitunes
4.9.0
appleitunes
5.0
appleitunes
5.0.0
appleitunes
5.0.1
appleitunes
6.0.0
appleitunes
6.0.1
appleitunes
6.0.2
appleitunes
6.0.3
appleitunes
6.0.4
appleitunes
6.0.4.2
appleitunes
6.0.5
appleitunes
7.0.0
appleitunes
7.0.1
appleitunes
7.0.2
appleitunes
7.1.0
appleitunes
7.1.1
appleitunes
7.2.0
appleitunes
7.3.0
appleitunes
7.3.1
appleitunes
7.3.2
appleitunes
7.4
appleitunes
7.4.0
appleitunes
7.4.1
appleitunes
7.4.2
appleitunes
7.4.3
appleitunes
7.5
appleitunes
7.5.0
appleitunes
7.6
appleitunes
7.6.0
appleitunes
7.6.1
appleitunes
7.6.2
appleitunes
7.7
appleitunes
7.7.0
appleitunes
7.7.1
appleitunes
8.0.0
appleitunes
8.0.1
appleitunes
8.0.2
appleitunes
8.1
appleitunes
8.1.1
appleitunes
8.2
appleitunes
8.2.1
appleitunes
9.0.0
appleitunes
9.0.1
appleitunes
9.0.2
appleitunes
9.0.3
appleitunes
9.2
appleitunes
9.2.1
appleitunes
10.0
appleitunes
10.0.1
appleitunes
10.1
appleitunes
10.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bullseye (security)
4.2.0-1+deb11u5
fixed
bullseye
4.2.0-1+deb11u5
fixed
bookworm
4.5.0-6+deb12u1
fixed
bookworm (security)
4.5.0-6+deb12u1
fixed
sid
4.5.1+git230720-5
fixed
trixie
4.5.1+git230720-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tiff
maverick
not-affected
lucid
not-affected
karmic
Fixed 3.8.2-13ubuntu0.4
released
hardy
Fixed 3.8.2-7ubuntu3.7
released
dapper
Fixed 3.7.4-1ubuntu3.9
released
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/43934
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://www.securityfocus.com/bid/46657
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/43934
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://www.securityfocus.com/bid/46657
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859