CVE-2016-9535

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9535

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9535.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9535

Related

Published

2016-11-22T19:59:03Z

Modified

2024-09-18T02:37:46.989602Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

References

Affected packages

Debian:11 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/vadz/libtiff

Affected ranges

Type: GIT
Repo: https://github.com/vadz/libtiff
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3ca657a8793dd011bf869695d72ad31c779c3cc1

Fixed

6a984bf7905c6621281588431f384e79d11a2e33

Type: GIT
Repo: https://gitlab.com/libtiff/libtiff
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5612707c086cda76319552a0a2afeddcfa67d1b3

Affected versions

Other

Pre360

Release-

Release-3-7-0

Release-v3-5-

Release-v3-5-4

Release-v3-5-5

Release-v3-5-7

Release-v3-6-0

Release-v3-6-0beta2

Release-v3-6-1

Release-v3-7-0-alpha

Release-v3-7-0beta

Release-v3-7-0beta2

Release-v3-7-1

Release-v3-7-2

Release-v3-7-3

Release-v3-7-4

Release-v3-8-0

Release-v3-8-1

Release-v3-8-2

Release-v4-0-0

Release-v4-0-0alpha

Release-v4-0-0alpha4

Release-v4-0-0alpha5

Release-v4-0-0alpha6

Release-v4-0-0beta7

Release-v4-0-1

Release-v4-0-2

Release-v4-0-3

Release-v4-0-4

Release-v4-0-4beta

Release-v4-0-5

Release-v4-0-6

v3.*

v3.5.3

v3.5.4

v3.5.5

v3.5.7

v3.6.0

v3.6.0beta2

v3.6.1

v3.7.0

v3.7.0alpha

v3.7.0beta

v3.7.0beta2

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.8.0

v3.8.1

v3.8.2

v4.*

v4.0.0

v4.0.0alpha

v4.0.0alpha4

v4.0.0alpha5

v4.0.0alpha6

v4.0.0beta7

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.4beta

v4.0.5

v4.0.6