CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-9535

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://rhn.redhat.com/errata/RHSA-2017-0225.html
http://www.debian.org/security/2017/dsa-3844
http://www.securityfocus.com/bid/94484
http://www.securityfocus.com/bid/94744
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
http://rhn.redhat.com/errata/RHSA-2017-0225.html
http://www.debian.org/security/2017/dsa-3844
http://www.securityfocus.com/bid/94484
http://www.securityfocus.com/bid/94744
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

Products affected by CVE-2016-9535

Libtiff » Libtiff » Version: 4.0.6

cpe:2.3:a:libtiff:libtiff:4.0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-9535

Products

Pricing

Contact Us