CVE-2011-0192: Buffer Overflow
First published: Fri Feb 18 2011(Updated: )
A heap-based buffer overflow was found in the way TIFF (Tagged Image File Format) image files manipulating library expanded certain rows of 2D-encoded data, when processing TIFF Internet Fax image files, compressed with CCITT group 4 compression algorithm. If an attacker created a specially-crafted image file and tricked a local, unsuspecting user into loading the image file in an application that uses the TIFF image manipulating library, it could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iTunes | <=10.1.2 | |
| iTunes | =4.0.0 | |
| iTunes | =4.0.1 | |
| iTunes | =4.1.0 | |
| iTunes | =4.2.0 | |
| iTunes | =4.5 | |
| iTunes | =4.5.0 | |
| iTunes | =4.6 | |
| iTunes | =4.6.0 | |
| iTunes | =4.7 | |
| iTunes | =4.7.0 | |
| iTunes | =4.7.1 | |
| iTunes | =4.7.2 | |
| iTunes | =4.8.0 | |
| iTunes | =4.9.0 | |
| iTunes | =5.0 | |
| iTunes | =5.0.0 | |
| iTunes | =5.0.1 | |
| iTunes | =6.0.0 | |
| iTunes | =6.0.1 | |
| iTunes | =6.0.2 | |
| iTunes | =6.0.3 | |
| iTunes | =6.0.4 | |
| iTunes | =6.0.4.2 | |
| iTunes | =6.0.5 | |
| iTunes | =7.0.0 | |
| iTunes | =7.0.1 | |
| iTunes | =7.0.2 | |
| iTunes | =7.1.0 | |
| iTunes | =7.1.1 | |
| iTunes | =7.2.0 | |
| iTunes | =7.3.0 | |
| iTunes | =7.3.1 | |
| iTunes | =7.3.2 | |
| iTunes | =7.4 | |
| iTunes | =7.4.0 | |
| iTunes | =7.4.1 | |
| iTunes | =7.4.2 | |
| iTunes | =7.4.3 | |
| iTunes | =7.5 | |
| iTunes | =7.5.0 | |
| iTunes | =7.6 | |
| iTunes | =7.6.0 | |
| iTunes | =7.6.1 | |
| iTunes | =7.6.2 | |
| iTunes | =7.7 | |
| iTunes | =7.7.0 | |
| iTunes | =7.7.1 | |
| iTunes | =8.0.0 | |
| iTunes | =8.0.1 | |
| iTunes | =8.0.2 | |
| iTunes | =8.1 | |
| iTunes | =8.1.1 | |
| iTunes | =8.2 | |
| iTunes | =8.2.1 | |
| iTunes | =9.0.0 | |
| iTunes | =9.0.1 | |
| iTunes | =9.0.2 | |
| iTunes | =9.0.3 | |
| iTunes | =9.2 | |
| iTunes | =9.2.1 | |
| iTunes | =10.0 | |
| iTunes | =10.0.1 | |
| iTunes | =10.1 | |
| iTunes | =10.1.1 | |
| Microsoft Windows Operating System | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.apple.com/kb/HT4554
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
- http://support.apple.com/kb/HT4564
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- http://www.vupen.com/english/advisories/2011/0621
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
- http://support.apple.com/kb/HT4565
- http://support.apple.com/kb/HT4566
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:043
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
- http://support.apple.com/kb/HT4581
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://www.securitytracker.com/id?1025153
- http://www.redhat.com/support/errata/RHSA-2011-0318.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html
- http://secunia.com/advisories/43664
- http://secunia.com/advisories/43593
- http://www.securityfocus.com/bid/46658
- https://bugzilla.redhat.com/show_bug.cgi?id=678635
- http://www.vupen.com/english/advisories/2011/0599
- http://www.vupen.com/english/advisories/2011/0551
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html
- http://secunia.com/advisories/43585
- http://www.vupen.com/english/advisories/2011/0845
- http://secunia.com/advisories/43934
- http://www.vupen.com/english/advisories/2011/0930
- http://www.debian.org/security/2011/dsa-2210
- http://www.vupen.com/english/advisories/2011/0905
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
- http://www.vupen.com/english/advisories/2011/0960
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
- http://secunia.com/advisories/44135
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
- http://secunia.com/advisories/44117
- http://blackberry.com/btsc/KB27244
- http://support.apple.com/kb/HT4999
- http://support.apple.com/kb/HT5001
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
- http://secunia.com/advisories/50726
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=681672
- https://rhn.redhat.com/errata/RHSA-2011-0318.html
- http://bugzilla.maptools.org/show_bug.cgi?id=2297
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=678635#c23
- https://rhn.redhat.com/errata/RHSA-2011-0392.html
Frequently Asked Questions
What is the severity of CVE-2011-0192?
CVE-2011-0192 is classified as a critical vulnerability due to the potential for remote code execution through specially crafted TIFF files.
How do I fix CVE-2011-0192?
To mitigate CVE-2011-0192, users should update to the latest version of Apple iTunes that addresses this vulnerability.
What type of vulnerability is CVE-2011-0192?
CVE-2011-0192 is a heap-based buffer overflow vulnerability affecting TIFF image file processing.
Which versions of Apple iTunes are affected by CVE-2011-0192?
CVE-2011-0192 affects multiple versions of Apple iTunes up to and including 10.1.2, as well as specific versions starting from 4.0.0.
Can CVE-2011-0192 affect Windows operating systems?
No, CVE-2011-0192 specifically impacts Apple iTunes on Mac systems and does not affect Microsoft Windows operating systems.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0192
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/itunes
- version/itunes/10.1.2
- version/itunes/4.0.0
- version/itunes/4.0.1
- version/itunes/4.1.0
- version/itunes/4.2.0
- version/itunes/4.5
- version/itunes/4.5.0
- version/itunes/4.6
- version/itunes/4.6.0
- version/itunes/4.7
- version/itunes/4.7.0
- version/itunes/4.7.1
- version/itunes/4.7.2
- version/itunes/4.8.0
- version/itunes/4.9.0
- version/itunes/5.0
- version/itunes/5.0.0
- version/itunes/5.0.1
- version/itunes/6.0.0
- version/itunes/6.0.1
- version/itunes/6.0.2
- version/itunes/6.0.3
- version/itunes/6.0.4
- version/itunes/6.0.4.2
- version/itunes/6.0.5
- version/itunes/7.0.0
- version/itunes/7.0.1
- version/itunes/7.0.2
- version/itunes/7.1.0
- version/itunes/7.1.1
- version/itunes/7.2.0
- version/itunes/7.3.0
- version/itunes/7.3.1
- version/itunes/7.3.2
- version/itunes/7.4
- version/itunes/7.4.0
- version/itunes/7.4.1
- version/itunes/7.4.2
- version/itunes/7.4.3
- version/itunes/7.5
- version/itunes/7.5.0
- version/itunes/7.6
- version/itunes/7.6.0
- version/itunes/7.6.1
- version/itunes/7.6.2
- version/itunes/7.7
- version/itunes/7.7.0
- version/itunes/7.7.1
- version/itunes/8.0.0
- version/itunes/8.0.1
- version/itunes/8.0.2
- version/itunes/8.1
- version/itunes/8.1.1
- version/itunes/8.2
- version/itunes/8.2.1
- version/itunes/9.0.0
- version/itunes/9.0.1
- version/itunes/9.0.2
- version/itunes/9.0.3
- version/itunes/9.2
- version/itunes/9.2.1
- version/itunes/10.0
- version/itunes/10.0.1
- version/itunes/10.1
- version/itunes/10.1.1
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/microsoft windows 7
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3