tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Function", "target": { "file": "tools/tiffcp.c", "function": "DECLAREreadFunc" }, "deprecated": false, "digest": { "length": 1112.0, "function_hash": "207524068906828631989641842792468108303" }, "id": "CVE-2016-9540-14ce97fd", "source": "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "tools/tiffcp.c", "function": "DECLAREwriteFunc" }, "deprecated": false, "digest": { "length": 1114.0, "function_hash": "195565821341471143227011566239408712014" }, "id": "CVE-2016-9540-6dbdf5a6", "source": "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "tools/tiffcp.c" }, "deprecated": false, "digest": { "line_hashes": [ "34526652489744293167320693439694332065", "65740507902341232373190466765183987449", "154738245544947738771589024196496874484", "184235936083252003010603516386408026816", "34526652489744293167320693439694332065", "322474512737234513158984885363131714047", "48270571887375478153307819412452982050", "18898764740452236580005303907312585781" ], "threshold": 0.9 }, "id": "CVE-2016-9540-92bc6797", "source": "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3" } ] }