CVE-2011-0192

03.03.2011, 20:00

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h.  NOTE: some of these details are obtained from third party information.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
apple	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
apple	itunes	𝑥 ≤ 10.1.2
apple	itunes	4.0.0
apple	itunes	4.0.1
apple	itunes	4.1.0
apple	itunes	4.2.0
apple	itunes	4.5
apple	itunes	4.5.0
apple	itunes	4.6
apple	itunes	4.6.0
apple	itunes	4.7
apple	itunes	4.7.0
apple	itunes	4.7.1
apple	itunes	4.7.2
apple	itunes	4.8.0
apple	itunes	4.9.0
apple	itunes	5.0
apple	itunes	5.0.0
apple	itunes	5.0.1
apple	itunes	6.0.0
apple	itunes	6.0.1
apple	itunes	6.0.2
apple	itunes	6.0.3
apple	itunes	6.0.4
apple	itunes	6.0.4.2
apple	itunes	6.0.5
apple	itunes	7.0.0
apple	itunes	7.0.1
apple	itunes	7.0.2
apple	itunes	7.1.0
apple	itunes	7.1.1
apple	itunes	7.2.0
apple	itunes	7.3.0
apple	itunes	7.3.1
apple	itunes	7.3.2
apple	itunes	7.4
apple	itunes	7.4.0
apple	itunes	7.4.1
apple	itunes	7.4.2
apple	itunes	7.4.3
apple	itunes	7.5
apple	itunes	7.5.0
apple	itunes	7.6
apple	itunes	7.6.0
apple	itunes	7.6.1
apple	itunes	7.6.2
apple	itunes	7.7
apple	itunes	7.7.0
apple	itunes	7.7.1
apple	itunes	8.0.0
apple	itunes	8.0.1
apple	itunes	8.0.2
apple	itunes	8.1
apple	itunes	8.1.1
apple	itunes	8.2
apple	itunes	8.2.1
apple	itunes	9.0.0
apple	itunes	9.0.1
apple	itunes	9.0.2
apple	itunes	9.0.3
apple	itunes	9.2
apple	itunes	9.2.1
apple	itunes	10.0
apple	itunes	10.0.1
apple	itunes	10.1
apple	itunes	10.1.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tiff

bullseye (security)	4.2.0-1+deb11u5 fixed
bullseye	4.2.0-1+deb11u5 fixed
bookworm	4.5.0-6+deb12u1 fixed
bookworm (security)	4.5.0-6+deb12u1 fixed
sid	4.5.1+git230720-5 fixed
trixie	4.5.1+git230720-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

tiff

maverick	Fixed 3.9.4-2ubuntu0.1 released
lucid	Fixed 3.9.2-2ubuntu0.4 released
karmic	Fixed 3.8.2-13ubuntu0.4 released
hardy	Fixed 3.8.2-7ubuntu3.7 released
dapper	Fixed 3.7.4-1ubuntu3.9 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://blackberry.com/btsc/KB27244

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://secunia.com/advisories/43585

http://secunia.com/advisories/43593

http://secunia.com/advisories/43664

http://secunia.com/advisories/43934

http://secunia.com/advisories/44117

http://secunia.com/advisories/44135

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4565

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://support.apple.com/kb/HT4999

http://support.apple.com/kb/HT5001

http://www.debian.org/security/2011/dsa-2210

http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

http://www.redhat.com/support/errata/RHSA-2011-0318.html

http://www.securityfocus.com/bid/46658

http://www.securitytracker.com/id?1025153

http://www.vupen.com/english/advisories/2011/0551

http://www.vupen.com/english/advisories/2011/0599

http://www.vupen.com/english/advisories/2011/0621

http://www.vupen.com/english/advisories/2011/0845

http://www.vupen.com/english/advisories/2011/0905

http://www.vupen.com/english/advisories/2011/0930

http://www.vupen.com/english/advisories/2011/0960

https://bugzilla.redhat.com/show_bug.cgi?id=678635

http://blackberry.com/btsc/KB27244

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://secunia.com/advisories/43585

http://secunia.com/advisories/43593

http://secunia.com/advisories/43664

http://secunia.com/advisories/43934

http://secunia.com/advisories/44117

http://secunia.com/advisories/44135

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4565

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://support.apple.com/kb/HT4999

http://support.apple.com/kb/HT5001

http://www.debian.org/security/2011/dsa-2210

http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

http://www.redhat.com/support/errata/RHSA-2011-0318.html

http://www.securityfocus.com/bid/46658

http://www.securitytracker.com/id?1025153

http://www.vupen.com/english/advisories/2011/0551

http://www.vupen.com/english/advisories/2011/0599

http://www.vupen.com/english/advisories/2011/0621

http://www.vupen.com/english/advisories/2011/0845

http://www.vupen.com/english/advisories/2011/0905

http://www.vupen.com/english/advisories/2011/0930

http://www.vupen.com/english/advisories/2011/0960

https://bugzilla.redhat.com/show_bug.cgi?id=678635