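tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). The issue was reported as MSVR 35092 and is tracked as CVE-2016-9539; the two signature records below both target that file and cite upstream commit ae9365db1b271b62b35ce018eac8799b1d5e8a53 as their source.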
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Line", "target": { "file": "tools/tiffcrop.c" }, "deprecated": false, "digest": { "line_hashes": [ "65884061105756595573118799420224625799", "66547276317594428300237571237893861242", "201205514364175470703619196560514719937", "290783615890930388195838629783739256122", "254025649800993799708459213079005135922", "251734036716805371189119712727575713841" ], "threshold": 0.9 }, "id": "CVE-2016-9539-99c26335", "source": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "tools/tiffcrop.c", "function": "readContigTilesIntoBuffer" }, "deprecated": false, "digest": { "length": 3767.0, "function_hash": "78119436504352156090388736301189678683" }, "id": "CVE-2016-9539-b8d2fecc", "source": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53" } ] }