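tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1(): it does not reset the tif_rawcc and tif_rawcp members. With the raw-buffer byte count and write pointer left stale after a failed flush, later writes can run past the end of the raw data buffer. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."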
{ "vanir_signatures": [ { "digest": { "length": 15168.0, "function_hash": "88019463951221511764405975192975588011" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "tools/tiff2pdf.c", "function": "t2p_readwrite_pdf_image" }, "id": "CVE-2016-9534-00421608", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "117112323259344223833475556500622594259", "144562193145538188916172975033903991939", "210874818685827076760726421977356114356", "167457637744200498288873553798755757941", "279710318255183697674778972530578319839", "182723839043551894969220729657777568311", "179506914801651737202496035516015482859", "121368253602005380541182632685182623986", "338206349815407984064122601696420529100", "101760269786035384966845509285196150945", "307005722251892113518012785085878579106", "30390668568652839551222360198513326690", "46866917487450665939760354233617879436", "78149491166009279723732446265106863334", "105545265367495464498122003768023620035", "44048045219524339399334189420515340543", "262726798695970295498516737684712750254", "10110133054761737231175775909926625912", "23218289083490410694997667380684606785", "310233858471791319400250953710670297235", "203711567262293833779458379456840569261", "272162734410589867247991443819348977204", "274306025372165375019047299165760456601", "210751992773568308284706322761504583281", "101713304003409915346279373195908226151", "162867869520564585956569690443868626027", "94368858105844853090795049351794689551", "174535904465584288911633174284360373669", "241464164341952458653223732888592650441", "109589458600794711252066886834445454120", "331314831328103882273363111915999456153", "332888468193464188134604969123631028292", "131661770201569780593486124137089492337", "145797503187807186431772020967633149410", "130481442836014770457556044512253018419", "255892593270255823512568604756836773562", 
"271424718019632675915702773541809465798", "333683048002767071485483562642829477792", "296108699079536827817543491392776770006", "138178340195483357479604619066700676426", "56374075224321062242874840591671121829", "32942682289684704388808100865425784590", "231372596963552484351277729658436342466" ] }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "tools/tiff2pdf.c" }, "id": "CVE-2016-9534-15de4d54", "signature_type": "Line" }, { "digest": { "length": 2387.0, "function_hash": "252107940369276295645065162026460407848" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "tools/tiff2pdf.c", "function": "t2p_process_jpeg_strip" }, "id": "CVE-2016-9534-2d110549", "signature_type": "Function" }, { "digest": { "length": 9251.0, "function_hash": "183740283451253688784876058306616725327" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "tools/tiffcrop.c", "function": "loadImage" }, "id": "CVE-2016-9534-3cf0b408", "signature_type": "Function" }, { "digest": { "length": 960.0, "function_hash": "246327942660240271211262596706791187246" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "tools/tiffcrop.c", "function": "reverseSamplesBytes" }, "id": "CVE-2016-9534-62a2ed5f", "signature_type": "Function" }, { "digest": { "length": 1762.0, "function_hash": "46982081775376058319603763350491718546" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "libtiff/tif_pixarlog.c", "function": "horizontalDifference16" }, "id": 
"CVE-2016-9534-6406537e", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "205316624495461107143889132108106423089", "265673044131452380636924265429562119016", "125337659118349023288144630698566363386", "194308659459503417629313897834588412062", "201354101766401830369969390807717733159", "322812330950112735422862359173324374874", "143801085981218241387614880035211509851", "35222736082261731618124106694282783867", "148112448371721034374519135894250079489", "117368531517646142325778349975948951145", "71052179919210352563488475789413848625", "42355639345712210594642651938861978648", "337859860493266850707186932336961840713", "39077536332336494230375252957937612789", "55905503517158592613341906875436584565", "163872770385938979460686356704112593704", "15325757244220142807197424310764569655" ] }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "tools/tiffcrop.c" }, "id": "CVE-2016-9534-73478d2c", "signature_type": "Line" }, { "digest": { "length": 1778.0, "function_hash": "336974130481715274748212091977756961619" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "libtiff/tif_pixarlog.c", "function": "horizontalDifference8" }, "id": "CVE-2016-9534-8cd04f6f", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "168778683988015749415761190987781815317", "120539506771473592544892535126542465433", "331473340755202819579353491512124111325", "203499294147954101735967217266866951033", "237595288556302920595583087057949187827", "147900042652371771295313326495694145977", "291264068232821951512332238850975179483", "111984926203013891380286318167062785965", "271273424029538886479444092822924698281", "144357894407343751130021581969741292137", "207001919918290765974801517422974678398", 
"23026374422442736694843469488155482888", "55321358480290313970788704418819198250", "302239710542018439102186682450657734752", "157535021048383647301343033324622981941", "120539506771473592544892535126542465433", "331473340755202819579353491512124111325", "203499294147954101735967217266866951033", "111023209860894570099536426590405128341", "158390765308758213885367871576796815218", "133892026813614459858318638180860386180", "217873574642729785037476801754391779082", "271273424029538886479444092822924698281", "144357894407343751130021581969741292137", "6745380161081907553222144472971406603", "287001925648634010483687835199835264182", "170434654942848681500090094038986343469", "221434968346132474915114729019861790402", "90829083827528446159166522768709829587", "184871785926125041454975505904865795388", "273779778197496942356304809905869924725", "116409018182425777371419156417403555510", "208872210663291046521675627166370283632", "158390765308758213885367871576796815218", "133892026813614459858318638180860386180", "217873574642729785037476801754391779082", "271273424029538886479444092822924698281", "144357894407343751130021581969741292137", "6745380161081907553222144472971406603", "287001925648634010483687835199835264182", "170434654942848681500090094038986343469", "221434968346132474915114729019861790402", "93662261141235397336793541586627527916" ] }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "libtiff/tif_pixarlog.c" }, "id": "CVE-2016-9534-af4b6863", "signature_type": "Line" }, { "digest": { "length": 2036.0, "function_hash": "9939657162050573481422511850061865316" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "libtiff/tif_pixarlog.c", "function": "horizontalDifferenceF" }, "id": "CVE-2016-9534-b1b6e3ff", "signature_type": "Function" 
}, { "digest": { "length": 526.0, "function_hash": "236969961741366081545599122336855606428" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "libtiff/tif_write.c", "function": "TIFFFlushData1" }, "id": "CVE-2016-9534-cfbf3dc1", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "16906484501165277227366997244179632832", "202393771188039352727249793171890633838", "66929609002313280633003932852104003162", "115587544957025723080910332083760745579", "297346610758618059012513128558105241319" ] }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a", "target": { "file": "libtiff/tif_write.c" }, "id": "CVE-2016-9534-f811811a", "signature_type": "Line" } ] }