CVE 2011-0192
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Related bugs and status
CVE-2011-0192 (Candidate) is related to these bugs:
Bug #591605: eog crashed with SIGSEGV in TIFFRGBAImageGet()
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 591605 | eog crashed with SIGSEGV in TIFFRGBAImageGet() | tiff (Ubuntu) | Medium | Fix Released | ||
| 591605 | eog crashed with SIGSEGV in TIFFRGBAImageGet() | tiff (Ubuntu Lucid) | Medium | Fix Released | ||
| 591605 | eog crashed with SIGSEGV in TIFFRGBAImageGet() | tiff (Ubuntu Maverick) | Medium | Fix Released | ||
| 591605 | eog crashed with SIGSEGV in TIFFRGBAImageGet() | LibTIFF | Medium | Fix Released | ||
| 591605 | eog crashed with SIGSEGV in TIFFRGBAImageGet() | tiff (Debian) | Unknown | Fix Released | ||
Bug #593067: eog crashed with SIGSEGV in __memset_sse2()
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 593067 | eog crashed with SIGSEGV in __memset_sse2() | tiff (Ubuntu) | Medium | Fix Released | ||
Bug #597246: eog crashed with SIGSEGV in TIFFVGetField()
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 597246 | eog crashed with SIGSEGV in TIFFVGetField() | tiff (Ubuntu) | Undecided | Fix Released | ||
Bug #731540: Regression when reading CCITTFAX4 files due to fix for CVE-2011-0192 (tif_fax3.h)
Bug #898825: freeimage: multiple vulnerabilities in embedded code copies
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 898825 | freeimage: multiple vulnerabilities in embedded code copies | freeimage (Ubuntu) | Undecided | Fix Released | ||
Bug #898845: New upstream release: FreeImage 3.15.1
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 898845 | New upstream release: FreeImage 3.15.1 | freeimage (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
