CVE-2016-9535
Summary
| CVE | CVE-2016-9535 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-11-22 19:59:00 UTC |
| Updated | 2018-01-05 02:31:00 UTC |
| Description | tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." |
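
The failure mode in the description, shown as an added example that is not libtiff's code: a simplified model of the 8-bit horizontal-differencing (Predictor 2) accumulate step. The first version guards the row-length invariant with assert(), so a row whose byte count is not a multiple of the per-pixel sample stride aborts in a debug build and writes past the end of the row in a release build compiled with NDEBUG. The second keeps the same arithmetic behind a runtime check that rejects the row and returns an error code, the general shape of fix the patch references describe. Function names, the 3-sample stride and the sample rows are constructed for the illustration; the 7-byte row stands in for a subsampled-YCbCr strip that does not divide into whole pixels.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Simplified model of the Predictor=2 (horizontal differencing) decode
 * step for 8-bit samples. Constructed for illustration, not libtiff code.
 *   cp     : one row of `cc` bytes, still in differenced form
 *   stride : interleaved samples per pixel (e.g. 3 for RGB)
 * Each sample is reconstructed by adding the same sample of the previous
 * pixel, so the loop advances `stride` bytes at a time and assumes that
 * `cc` is a whole number of pixels.
 */

/* Vulnerable shape: the invariant is only an assert(). With -DNDEBUG the
 * check vanishes and a 7-byte row with stride 3 runs the loop once too
 * often, writing two bytes past the end of the row. Never called in this
 * file; kept for comparison with the checked version below. */
static void hor_acc8_assert_only(uint8_t *cp, ptrdiff_t cc, ptrdiff_t stride)
{
    assert((cc % stride) == 0);
    if (cc > stride) {
        cc -= stride;
        do {
            for (ptrdiff_t i = 0; i < stride; i++)
                cp[stride + i] = (uint8_t)(cp[stride + i] + cp[i]);
            cp += stride;
            cc -= stride;   /* goes negative on a misaligned row, but only after the overrun */
        } while (cc > 0);
    }
}

/* Hardened shape: the same arithmetic behind a runtime check that exists
 * in every build. Returns 1 on success, 0 if the row cannot be decoded;
 * the caller must then fail the strip or tile instead of using the buffer. */
static int hor_acc8_checked(uint8_t *cp, size_t cc, size_t stride)
{
    if (stride == 0 || (cc % stride) != 0) {
        fprintf(stderr, "predictor: row of %zu bytes is not a multiple of stride %zu\n",
                cc, stride);
        return 0;
    }
    for (size_t i = stride; i < cc; i++)
        cp[i] = (uint8_t)(cp[i] + cp[i - stride]);
    return 1;
}

/* Constructed row: two RGB pixels, differenced. Pixel 1 = (10,20,30),
 * pixel 2 stored as deltas (1,2,3), so decoding must yield (11,22,33). */
static int demo_aligned_row(void)
{
    uint8_t row[6] = {10, 20, 30, 1, 2, 3};
    if (!hor_acc8_checked(row, sizeof row, 3))
        return 0;
    return row[3] == 11 && row[4] == 22 && row[5] == 33;
}

/* Constructed misaligned row: 7 bytes is not a whole number of 3-sample
 * pixels, the shape a subsampled YCbCr strip can produce. The checked
 * decoder must refuse it without touching memory past the row. */
static int demo_misaligned_row(void)
{
    uint8_t row[7] = {0};
    return hor_acc8_checked(row, sizeof row, 3);   /* 0 = rejected */
}

int main(void)
{
    (void)hor_acc8_assert_only;   /* referenced only to keep the vulnerable shape visible */
    printf("aligned row decodes: %s\n", demo_aligned_row() ? "yes" : "no");
    printf("misaligned row rejected: %s\n", demo_misaligned_row() ? "no" : "yes");
    return 0;
}
```

Build the checked version with and without -DNDEBUG and the behaviour is identical, which is the property the assert-only version lacks; running the assert-only version on the 7-byte row under AddressSanitizer reports the heap write past the buffer that the advisory describes.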
Risk And Classification
Problem Types: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| RETIRED: LibTIFF Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| * libtiff/tif_predic.c: fix memory leaks in error code paths added in · vadz/libtiff@6a984bf · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| LibTIFF CVE-2016-9535 Heap Buffer Overflow Vulnerability | BID | www.securityfocus.com | |
| * libtiff/tif_predict.h, libtiff/tif_predict.c: · vadz/libtiff@3ca657a · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Debian -- Security Information -- DSA-3844-1 tiff | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378144 Virtuozzo Linux Security Update for libtiff-static (VZLSA-2017:0225)