Vulnerability Details : CVE-2016-9535
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Vulnerability category: Overflow
Products affected by CVE-2016-9535
- cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9535
- EPSS score: 2.94% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~91% (proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2016-9535
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
| 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-9535
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9535
- http://www.securityfocus.com/bid/94744 (LibTIFF CVE-2016-9535 Heap Buffer Overflow Vulnerability)
- http://www.securityfocus.com/bid/94484 (RETIRED: LibTIFF Multiple Security Vulnerabilities) [Third Party Advisory; VDB Entry]
- https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 (* libtiff/tif_predic.c: fix memory leaks in error code paths added in · vadz/libtiff@6a984bf · GitHub) [Issue Tracking; Patch; Third Party Advisory]
- https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 (* libtiff/tif_predict.h, libtiff/tif_predict.c: · vadz/libtiff@3ca657a · GitHub) [Issue Tracking; Patch; Third Party Advisory]
- http://www.debian.org/security/2017/dsa-3844 (Debian -- Security Information -- DSA-3844-1 tiff)
- http://rhn.redhat.com/errata/RHSA-2017-0225.html (RHSA-2017:0225 - Security Advisory - Red Hat Customer Portal)