CVE-2011-0192

N/A Unknown

Published: March 03, 2011 Modified: April 29, 2026

Description

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blackberry.com/btsc/KB27244

Source: product-security@apple.com

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Source: product-security@apple.com

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

Source: product-security@apple.com

Patch Vendor Advisory

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

Source: product-security@apple.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

Source: product-security@apple.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

Source: product-security@apple.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

Source: product-security@apple.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

Source: product-security@apple.com

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Source: product-security@apple.com

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Source: product-security@apple.com

http://secunia.com/advisories/43585

Source: product-security@apple.com

http://secunia.com/advisories/43593

Source: product-security@apple.com

http://secunia.com/advisories/43664

Source: product-security@apple.com

http://secunia.com/advisories/43934

Source: product-security@apple.com

http://secunia.com/advisories/44117

Source: product-security@apple.com

http://secunia.com/advisories/44135

Source: product-security@apple.com

http://secunia.com/advisories/50726

Source: product-security@apple.com

http://security.gentoo.org/glsa/glsa-201209-02.xml

Source: product-security@apple.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

Source: product-security@apple.com

http://support.apple.com/kb/HT4554

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT4564

Source: product-security@apple.com

http://support.apple.com/kb/HT4565

Source: product-security@apple.com

http://support.apple.com/kb/HT4566

Source: product-security@apple.com

http://support.apple.com/kb/HT4581

Source: product-security@apple.com

http://support.apple.com/kb/HT4999

Source: product-security@apple.com

http://support.apple.com/kb/HT5001

Source: product-security@apple.com

http://www.debian.org/security/2011/dsa-2210

Source: product-security@apple.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

Source: product-security@apple.com

http://www.redhat.com/support/errata/RHSA-2011-0318.html

Source: product-security@apple.com

http://www.securityfocus.com/bid/46658

Source: product-security@apple.com

http://www.securitytracker.com/id?1025153

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0551

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0599

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0621

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0845

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0905

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0930

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0960

Source: product-security@apple.com

https://bugzilla.redhat.com/show_bug.cgi?id=678635

Source: product-security@apple.com

http://blackberry.com/btsc/KB27244

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43585

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43593

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43664

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43934

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/44117

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/44135

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/50726

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201209-02.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4554

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT4564

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4565

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4566

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4581

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4999

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5001

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2210

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-0318.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/46658

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025153

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0551

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0599

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0621

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0845

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0905

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0930

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0960

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=678635

Source: af854a3a-2127-422b-91ae-364da2661108

86 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

7.5%

94th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

apple microsoft

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1