CVE-2016-9535

HIGH

Description

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

References

http://rhn.redhat.com/errata/RHSA-2017-0225.html

http://www.debian.org/security/2017/dsa-3844

http://www.securityfocus.com/bid/94484

http://www.securityfocus.com/bid/94744

https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1

https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

Details

Source: MITRE

Published: 2016-11-22

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL