{"api_version":"1","generated_at":"2026-04-23T11:33:02+00:00","cve":"CVE-2016-9535","urls":{"html":"https://cve.report/CVE-2016-9535","api":"https://cve.report/api/cve/CVE-2016-9535.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9535","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9535"},"summary":{"title":"CVE-2016-9535","description":"tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\"","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2016-11-22 19:59:00","updated_at":"2018-01-05 02:31:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/94484","name":"94484","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"RETIRED: LibTIFF Multiple Security Vulnerabilites","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33","name":"https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"* libtiff/tif_predic.c: fix memory leaks in error code paths added in · vadz/libtiff@6a984bf · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/94744","name":"94744","refsource":"BID","tags":[],"title":"LibTIFF CVE-2016-9535 Heap Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1","name":"https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"* libtiff/tif_predict.h, libtiff/tif_predict.c: · vadz/libtiff@3ca657a · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0225.html","name":"RHSA-2017:0225","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.debian.org/security/2017/dsa-3844","name":"DSA-3844","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3844-1 tiff","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9535","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9535","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9535","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libtiff","cpe5":"libtiff","cpe6":"4.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9535","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libtiff","cpe5":"libtiff","cpe6":"4.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2016-9535","qid":"378144","title":"Virtuozzo Linux Security Update for libtiff-static (VZLSA-2017:0225)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-9535","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"DSA-3844","refsource":"DEBIAN","url":"http://www.debian.org/security/2017/dsa-3844"},{"name":"https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1","refsource":"CONFIRM","url":"https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"},{"name":"https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33","refsource":"CONFIRM","url":"https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"},{"name":"RHSA-2017:0225","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2017-0225.html"},{"name":"94744","refsource":"BID","url":"http://www.securityfocus.com/bid/94744"},{"name":"94484","refsource":"BID","url":"http://www.securityfocus.com/bid/94484"}]}},"nvd":{"publishedDate":"2016-11-22 19:59:00","lastModifiedDate":"2018-01-05 02:31:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9535","Ordinal":"96220","Title":"CVE-2016-9535","CVE":"CVE-2016-9535","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9535","Ordinal":"1","NoteData":"tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\"","Type":"Description","Title":null},{"CveYear":"2016","CveId":"9535","Ordinal":"2","NoteData":"2016-11-22","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9535","Ordinal":"3","NoteData":"2018-01-04","Type":"Other","Title":"Modified"}]}}}