CVE-2011-0191

Publication date 2 March 2011

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tiff	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 3.8.2-13ubuntu0.4
	8.04 LTS hardy	Fixed 3.8.2-7ubuntu3.7
	6.06 LTS dapper	Fixed 3.7.4-1ubuntu3.9

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

this doesn't reproduce on 3.9.4 in lucid+

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1085-1
tiff vulnerabilities
7 March 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-0191