CVE-2016-9535

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9535
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9535.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9535
Published
2016-11-22T19:59:03Z
Modified
2025-10-30T09:51:35.374731Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

Affected packages

Git / github.com/vadz/libtiff

Affected ranges

Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-21a09b17",
        "target": {
            "function": "PredictorEncodeTile",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
        "signature_version": "v1",
        "digest": {
            "function_hash": "33438023922335958403027861108369435097",
            "length": 971.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-21a62c3e",
        "target": {
            "function": "swabHorDiff32",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "202112037355910350314807661606348903076",
            "length": 193.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-276fda65",
        "target": {
            "function": "PredictorDecodeTile",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "184992262770447987855632056899924960410",
            "length": 517.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2016-9535-2b43ebde",
        "target": {
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2016-9535-3c164294",
        "target": {
            "file": "libtiff/tif_predict.h"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-47526f08",
        "target": {
            "function": "fpAcc",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "171040195149164366728271902811662019313",
            "length": 826.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-57736f03",
        "target": {
            "function": "fpDiff",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
        "signature_version": "v1",
        "digest": {
            "function_hash": "247869117750426373389335569286105952556",
            "length": 953.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-57b8f762",
        "target": {
            "function": "PredictorDecodeRow",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "161372326862305423684924876063079885996",
            "length": 379.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-7267c10b",
        "target": {
            "function": "horDiff32",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "274416111811421074790132037766706175902",
            "length": 378.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-73608aee",
        "target": {
            "function": "fpAcc",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
        "signature_version": "v1",
        "digest": {
            "function_hash": "214836327272677527236890554075706065370",
            "length": 922.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-7505827a",
        "target": {
            "function": "horAcc32",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "75952545727149332452222831438042026001",
            "length": 341.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2016-9535-9fbb1868",
        "target": {
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-ae521d26",
        "target": {
            "function": "horAcc8",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "313666045367366105442323613504502185156",
            "length": 1262.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-b8d41760",
        "target": {
            "function": "horDiff8",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "336129129415190154953553427868859441327",
            "length": 1488.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-c07c5a9a",
        "target": {
            "function": "swabHorAcc16",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "245000748359933944360903661653903665701",
            "length": 193.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-daf1ee21",
        "target": {
            "function": "swabHorAcc32",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "122050190341139738960804041940933097822",
            "length": 193.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-deaa4e66",
        "target": {
            "function": "PredictorEncodeRow",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "282693645718852883451823726369794439334",
            "length": 350.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-e29415d2",
        "target": {
            "function": "swabHorDiff16",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "158902631558467282773649354203087184658",
            "length": 193.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-e75c9d6c",
        "target": {
            "function": "PredictorEncodeTile",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "30291917893125969486252093361531272353",
            "length": 873.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-e98a0fa6",
        "target": {
            "function": "horAcc16",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "83933759554897251928352728546898234334",
            "length": 419.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-ecf69c41",
        "target": {
            "function": "fpDiff",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "307214869499057035791033897634522056438",
            "length": 851.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2016-9535-efcd2186",
        "target": {
            "function": "horDiff16",
            "file": "libtiff/tif_predict.c"
        },
        "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
        "signature_version": "v1",
        "digest": {
            "function_hash": "94877657018150311123884046479567264667",
            "length": 456.0
        },
        "deprecated": false
    }
]

Git / gitlab.com/libtiff/libtiff

Affected ranges

Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected