CVE-2016-9535
Published: 22 November 2016
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Notes
Author | Note |
---|---|
mdeslaur | this will not be fixed in precise/esm |
Priority
Status
Package | Release | Status |
---|---|---|
tiff Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(4.0.7-1)
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(4.0.3-7ubuntu0.6)
|
|
upstream |
Released
(4.0.7-1)
|
|
xenial |
Released
(4.0.6-1ubuntu0.1)
|
|
yakkety |
Released
(4.0.6-2ubuntu0.1)
|
|
zesty |
Not vulnerable
(4.0.7-1)
|
|
Patches: upstream: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 upstream: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |