CVE-2016-9535 - OpenCVE

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Libtiff	Libtiff

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2017-0225.html
http://www.debian.org/security/2017/dsa-3844
http://www.securityfocus.com/bid/94484	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/94744
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1	Issue Tracking Patch Third Party Advisory
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-11-22T19:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2016-11-21T00:00:00

Link: CVE-2016-9535

JSON object: View

NVD Information

Status : Modified

Published: 2016-11-22T19:59:03.387

Modified: 2018-01-05T02:31:22.213

Link: CVE-2016-9535

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-22T00:00:00", "descriptions": [{"lang": "en", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3844", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3844"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}, {"name": "RHSA-2017:0225", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"name": "94744", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94744"}, {"name": "94484", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94484"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9535", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3844", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3844"}, {"name": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "refsource": "CONFIRM", "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"name": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "refsource": "CONFIRM", "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}, {"name": "RHSA-2017:0225", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"name": "94744", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94744"}, {"name": "94484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94484"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9535", "datePublished": "2016-11-22T19:00:00", "dateReserved": "2016-11-21T00:00:00", "dateUpdated": "2018-01-04T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "33708995-494C-476D-B0E3-1E78B9328699", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}, {"lang": "es", "value": "tif_predict.h y tif_predict.c en libtiff 4.0.6 tienen aserciones que pueden conducir a fallos de aserci\u00f3n en modo debug, o desbordamientos de b\u00fafer en modo de liberaci\u00f3n, cuando trata con un tama\u00f1o inusual de tile como YCbCr con submuestreo. Reportado como MSVR 35105, vulnerabilidad tambi\u00e9n conocida como \"Predictor heap-buffer-overflow\"."}], "id": "CVE-2016-9535", "lastModified": "2018-01-05T02:31:22.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-22T19:59:03.387", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3844"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94484"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/94744"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}