Home > Vulnerability Database > CVE-2011-0191

Mend.io Vulnerability Database

CVE-2011-0191

Date: March 3, 2011

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

Severity Score

8.1

Related Resources (21)

Url: http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

Url: http://www.securityfocus.com/bid/46657

Url: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0191

Url: http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

Url: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Url: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Url: http://support.apple.com/kb/HT4581

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0191

Url: http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

Url: http://support.apple.com/kb/HT4554

Url: http://support.apple.com/kb/HT4565

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:064

Url: http://www.vupen.com/english/advisories/2011/0859

Url: http://support.apple.com/kb/HT4564

Url: http://support.apple.com/kb/HT4566

Url: http://www.vupen.com/english/advisories/2011/0845

Url: http://secunia.com/advisories/43934

Url: http://www.debian.org/security/2011/dsa-2210

Url: http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

Url: https://www.mend.io/vulnerability-database/CVE-2011-0191

Severity Score

8.1

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-0191

Date: March 3, 2011

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?