CVE-2011-0191 Information

Description

Buffer overflow in LibTIFF 3.9.4 and possibly other versions as used in ImageIO in Apple iTunes before 10.2 on Windows and other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

Reference

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://secunia.com/advisories/43934 http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 http://support.apple.com/kb/HT4566 http://support.apple.com/kb/HT4581 http://www.debian.org/security/2011/dsa-2210 http://www.mandriva.com/security/advisories?name=MDVSA-2011:064 http://www.securityfocus.com/bid/46657 http://www.vupen.com/english/advisories/2011/0845 http://www.vupen.com/english/advisories/2011/0859