CVE-2016-9535
CRITICALlibtiff - Heap-Based Buffer Overflow in Predictor Function
Title source: llmDescription
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
References (6)
Core 6
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3844
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0225.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94744
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94484
Scores
CVSS v3
9.8
EPSS
0.0477
EPSS Percentile
90.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (1)
libtiff/libtiff
4.0.6
Published
Nov 22, 2016
Tracked Since
Feb 18, 2026