CVE-2016-9535

NameCVE-2016-9535
Descriptiontif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-795-1, DLA-880-1, DSA-3844-1
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tiff (PTS)stretch4.0.8-2+deb9u4fixed
stretch (security)4.0.8-2+deb9u5fixed
buster, buster (security)4.1.0+git191117-2~deb10u1fixed
bullseye, sid4.1.0+git191117-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tiffsource(unstable)4.0.7-1
tiffsourcejessie4.0.3-12.3+deb8u3DSA-3844-1
tiffsourcewheezy4.0.2-6+deb7u9DLA-795-1
tiff3source(unstable)(unfixed)
tiff3sourcewheezy3.9.6-11+deb7u4DLA-880-1

Notes

https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

Search for package or bug name: Reporting problems