tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tifrawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
[
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "t2p_readwrite_pdf_image",
"file": "tools/tiff2pdf.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "88019463951221511764405975192975588011",
"length": 15168.0
},
"id": "CVE-2016-9534-00421608"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"file": "tools/tiff2pdf.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"117112323259344223833475556500622594259",
"144562193145538188916172975033903991939",
"210874818685827076760726421977356114356",
"167457637744200498288873553798755757941",
"279710318255183697674778972530578319839",
"182723839043551894969220729657777568311",
"179506914801651737202496035516015482859",
"121368253602005380541182632685182623986",
"338206349815407984064122601696420529100",
"101760269786035384966845509285196150945",
"307005722251892113518012785085878579106",
"30390668568652839551222360198513326690",
"46866917487450665939760354233617879436",
"78149491166009279723732446265106863334",
"105545265367495464498122003768023620035",
"44048045219524339399334189420515340543",
"262726798695970295498516737684712750254",
"10110133054761737231175775909926625912",
"23218289083490410694997667380684606785",
"310233858471791319400250953710670297235",
"203711567262293833779458379456840569261",
"272162734410589867247991443819348977204",
"274306025372165375019047299165760456601",
"210751992773568308284706322761504583281",
"101713304003409915346279373195908226151",
"162867869520564585956569690443868626027",
"94368858105844853090795049351794689551",
"174535904465584288911633174284360373669",
"241464164341952458653223732888592650441",
"109589458600794711252066886834445454120",
"331314831328103882273363111915999456153",
"332888468193464188134604969123631028292",
"131661770201569780593486124137089492337",
"145797503187807186431772020967633149410",
"130481442836014770457556044512253018419",
"255892593270255823512568604756836773562",
"271424718019632675915702773541809465798",
"333683048002767071485483562642829477792",
"296108699079536827817543491392776770006",
"138178340195483357479604619066700676426",
"56374075224321062242874840591671121829",
"32942682289684704388808100865425784590",
"231372596963552484351277729658436342466"
],
"threshold": 0.9
},
"id": "CVE-2016-9534-15de4d54"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "t2p_process_jpeg_strip",
"file": "tools/tiff2pdf.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "252107940369276295645065162026460407848",
"length": 2387.0
},
"id": "CVE-2016-9534-2d110549"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "loadImage",
"file": "tools/tiffcrop.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "183740283451253688784876058306616725327",
"length": 9251.0
},
"id": "CVE-2016-9534-3cf0b408"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "reverseSamplesBytes",
"file": "tools/tiffcrop.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "246327942660240271211262596706791187246",
"length": 960.0
},
"id": "CVE-2016-9534-62a2ed5f"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "horizontalDifference16",
"file": "libtiff/tif_pixarlog.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "46982081775376058319603763350491718546",
"length": 1762.0
},
"id": "CVE-2016-9534-6406537e"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"file": "tools/tiffcrop.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"205316624495461107143889132108106423089",
"265673044131452380636924265429562119016",
"125337659118349023288144630698566363386",
"194308659459503417629313897834588412062",
"201354101766401830369969390807717733159",
"322812330950112735422862359173324374874",
"143801085981218241387614880035211509851",
"35222736082261731618124106694282783867",
"148112448371721034374519135894250079489",
"117368531517646142325778349975948951145",
"71052179919210352563488475789413848625",
"42355639345712210594642651938861978648",
"337859860493266850707186932336961840713",
"39077536332336494230375252957937612789",
"55905503517158592613341906875436584565",
"163872770385938979460686356704112593704",
"15325757244220142807197424310764569655"
],
"threshold": 0.9
},
"id": "CVE-2016-9534-73478d2c"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "horizontalDifference8",
"file": "libtiff/tif_pixarlog.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "336974130481715274748212091977756961619",
"length": 1778.0
},
"id": "CVE-2016-9534-8cd04f6f"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"file": "libtiff/tif_pixarlog.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"168778683988015749415761190987781815317",
"120539506771473592544892535126542465433",
"331473340755202819579353491512124111325",
"203499294147954101735967217266866951033",
"237595288556302920595583087057949187827",
"147900042652371771295313326495694145977",
"291264068232821951512332238850975179483",
"111984926203013891380286318167062785965",
"271273424029538886479444092822924698281",
"144357894407343751130021581969741292137",
"207001919918290765974801517422974678398",
"23026374422442736694843469488155482888",
"55321358480290313970788704418819198250",
"302239710542018439102186682450657734752",
"157535021048383647301343033324622981941",
"120539506771473592544892535126542465433",
"331473340755202819579353491512124111325",
"203499294147954101735967217266866951033",
"111023209860894570099536426590405128341",
"158390765308758213885367871576796815218",
"133892026813614459858318638180860386180",
"217873574642729785037476801754391779082",
"271273424029538886479444092822924698281",
"144357894407343751130021581969741292137",
"6745380161081907553222144472971406603",
"287001925648634010483687835199835264182",
"170434654942848681500090094038986343469",
"221434968346132474915114729019861790402",
"90829083827528446159166522768709829587",
"184871785926125041454975505904865795388",
"273779778197496942356304809905869924725",
"116409018182425777371419156417403555510",
"208872210663291046521675627166370283632",
"158390765308758213885367871576796815218",
"133892026813614459858318638180860386180",
"217873574642729785037476801754391779082",
"271273424029538886479444092822924698281",
"144357894407343751130021581969741292137",
"6745380161081907553222144472971406603",
"287001925648634010483687835199835264182",
"170434654942848681500090094038986343469",
"221434968346132474915114729019861790402",
"93662261141235397336793541586627527916"
],
"threshold": 0.9
},
"id": "CVE-2016-9534-af4b6863"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "horizontalDifferenceF",
"file": "libtiff/tif_pixarlog.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "9939657162050573481422511850061865316",
"length": 2036.0
},
"id": "CVE-2016-9534-b1b6e3ff"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"function": "TIFFFlushData1",
"file": "libtiff/tif_write.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "236969961741366081545599122336855606428",
"length": 526.0
},
"id": "CVE-2016-9534-cfbf3dc1"
},
{
"source": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a",
"target": {
"file": "libtiff/tif_write.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"16906484501165277227366997244179632832",
"202393771188039352727249793171890633838",
"66929609002313280633003932852104003162",
"115587544957025723080910332083760745579",
"297346610758618059012513128558105241319"
],
"threshold": 0.9
},
"id": "CVE-2016-9534-f811811a"
}
]