| Name | CVE-2016-9535 |
| Description | tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-795-1, DLA-880-1, DSA-3844-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| tiff (PTS) | bullseye (security), bullseye | 4.2.0-1+deb11u5 | fixed |
| bookworm, bookworm (security) | 4.5.0-6+deb12u1 | fixed | |
| sid, trixie | 4.5.1+git230720-5 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| tiff | source | wheezy | 4.0.2-6+deb7u9 | DLA-795-1 | ||
| tiff | source | jessie | 4.0.3-12.3+deb8u3 | DSA-3844-1 | ||
| tiff | source | (unstable) | 4.0.7-1 | |||
| tiff3 | source | wheezy | 3.9.6-11+deb7u4 | DLA-880-1 | ||
| tiff3 | source | (unstable) | (unfixed) |
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33