CVE-2011-0191

high

Description

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

References

http://www.vupen.com/english/advisories/2011/0859

http://www.vupen.com/english/advisories/2011/0845

http://www.securityfocus.com/bid/46657

http://www.mandriva.com/security/advisories?name=MDVSA-2011:064

http://www.debian.org/security/2011/dsa-2210

http://support.apple.com/kb/HT4581

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4565

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4554

http://secunia.com/advisories/43934

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

Details

Source: Mitre, NVD

Published: 2011-03-03

Updated: 2014-02-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High