CVE-2016-9535

critical

Description

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

References

http://rhn.redhat.com/errata/RHSA-2017-0225.html

https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1

https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

http://www.debian.org/security/2017/dsa-3844

Details

Published: 2016-11-22

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical