CVE-2016-9535

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9535
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9535.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9535
Downstream
Related
Published
2016-11-22T19:59:03Z
Modified
2025-10-15T08:30:13.405134Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode (where assertions are compiled out, so the condition they check is no longer enforced), when dealing with an unusual tile size, such as YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

References

Affected packages

Git / github.com/vadz/libtiff

Affected ranges

Type
GIT
Repo
https://github.com/vadz/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Type
GIT
Repo
https://gitlab.com/libtiff/libtiff
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

Other

Pre360
Release-
Release-3-7-0
Release-v3-5-
Release-v3-5-4
Release-v3-5-5
Release-v3-5-7
Release-v3-6-0
Release-v3-6-0beta2
Release-v3-6-1
Release-v3-7-0-alpha
Release-v3-7-0beta
Release-v3-7-0beta2
Release-v3-7-1
Release-v3-7-2
Release-v3-7-3
Release-v3-7-4
Release-v3-8-0
Release-v3-8-1
Release-v3-8-2
Release-v4-0-0
Release-v4-0-0alpha
Release-v4-0-0alpha4
Release-v4-0-0alpha5
Release-v4-0-0alpha6
Release-v4-0-0beta7
Release-v4-0-1
Release-v4-0-2
Release-v4-0-3
Release-v4-0-4
Release-v4-0-4beta
Release-v4-0-5
Release-v4-0-6

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "PredictorEncodeTile"
            },
            "id": "CVE-2016-9535-21a09b17",
            "digest": {
                "length": 971.0,
                "function_hash": "33438023922335958403027861108369435097"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "swabHorDiff32"
            },
            "id": "CVE-2016-9535-21a62c3e",
            "digest": {
                "length": 193.0,
                "function_hash": "202112037355910350314807661606348903076"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "PredictorDecodeTile"
            },
            "id": "CVE-2016-9535-276fda65",
            "digest": {
                "length": 517.0,
                "function_hash": "184992262770447987855632056899924960410"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "libtiff/tif_predict.c"
            },
            "id": "CVE-2016-9535-2b43ebde",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "261216747197544161885780539738058574608",
                    "204875526020822327172325554141205118236",
                    "169280555840795216092410791154823169671",
                    "93387289301672846274021466163740944234",
                    "89722084998747174049558402595045530229",
                    "53978131051627761841638122305239234594",
                    "92139698161269378584448546751974355237",
                    "218033777424840085956168346478189955146",
                    "173562032052913763204616893670163871529",
                    "59772104789028288424524406531691133701",
                    "168216118651488941563407684875687376460",
                    "276227255640016495411064368422751486583",
                    "162817855906778422021599614065481804161",
                    "75239090941942994308511347890910020783",
                    "26083462127943261703778269971104141551",
                    "170366677663820355181450097743747993320",
                    "69088313966155961681384823169459330427",
                    "98098571162348030533861241892810405897",
                    "275339619459570386407458966692527532112",
                    "165524428730503513520768627999054902463",
                    "253636620897231989402729106626118631509",
                    "34284046229333531150627043438115893962",
                    "119588633803753493787033938876036142977",
                    "114156870765192471573896503769426331647",
                    "320201969646789997698421904828162994337",
                    "173878156555487118740790950504304142821",
                    "181766126657142311974140449970225806607",
                    "209757422492588127305903305466521894189",
                    "264432991638146080738392348267745735443",
                    "264689667708367412735011951792766627566",
                    "299342770356102123003592761892122574840",
                    "166742601443984225550752263041498404277",
                    "230475067189510006469766832980179409543",
                    "221760411091601688958324600133782232509",
                    "229447914869026274132167062444563841417",
                    "25381216824514169848685677087792994761",
                    "27617578685833025681012773012280994401",
                    "232721568842987816265073904105127648947",
                    "101145998970532216299401227395458455341",
                    "160213832243623736671795706366339924760",
                    "201127395989126374763197378088961410637",
                    "269282657674526036962442596161869459674",
                    "310035838356594104595411171449930729876",
                    "89469100578155462544569555734643301568",
                    "212247207482093557517832476673230460101",
                    "187892194104409241736067288802950282764",
                    "51720237313748291304069337284147885705",
                    "116260321921890444634450185616337597462",
                    "171809281404049194992808159713599505883",
                    "203486425376982096420026891281156994883",
                    "324842486338875830146705086966052987864",
                    "132927347058582409711672473589907375944",
                    "191432587752728724833189536044353006728",
                    "254450928878187828843153523964358868875",
                    "287050658238577614039242154506501323490",
                    "277713896081436109015161703535506392236",
                    "295384038813198301273276281040418615259",
                    "5294313042832535779615571973931726749",
                    "112381553462187816801670065297946094946",
                    "236735664121532714673948537690648925492",
                    "247065014043320309633802494006515324885",
                    "188045776268132996966400253092030023610",
                    "38143383255539705788472103239455009309",
                    "176765799637775392835762278179653170040",
                    "212247207482093557517832476673230460101",
                    "187892194104409241736067288802950282764",
                    "397571604025777735857428835763730489",
                    "35853964082440227133542547486019387260",
                    "138499664257233406659551045238237954213",
                    "16792176028829716719496546036043956049",
                    "312363574776531423281852985623975443880",
                    "280561935669420456724292602952252272716",
                    "279019357776041959397966459962680264814",
                    "266956413772630722161606270973598878792",
                    "26996250107358816560686593872477908882",
                    "223738372855588217240627431939494869244",
                    "229599646059137685456329063374212000457",
                    "262577908426894194077380237768717535130",
                    "40597596588941298990824017465538184829",
                    "45814490290565097308324146196516716722",
                    "79283068765131786396493434806802328024",
                    "287228870289512332876850879528564702455",
                    "32555078261466544033927279049455346065",
                    "22414294858626776819702285795817345398",
                    "259248672351234693092410022745228839237",
                    "53711036798892785051368833862155738806",
                    "87376200204613743461556288060442799912",
                    "18879279871474488644040896044794712896",
                    "218598709106944436415688398038136408160",
                    "60817314799231641987651347289767443969",
                    "144698470728293637566702447340412706692",
                    "319660836871541674312787001732167154757",
                    "283334726527911677417741869024291338104",
                    "59205744002858352497477289977429831432",
                    "194264458166475910792404654883601885827",
                    "10099349801893439896173512356159321865",
                    "238169097015477007146193718115730749752",
                    "109957946280189619871860065223268910350",
                    "40858570402993020224607947591474507188",
                    "165592009938754204630841902916612224059",
                    "213709958130923717100280030074286427368",
                    "26367525634198808324867327916250614075",
                    "269005597747942385559582834913622848583",
                    "173878156555487118740790950504304142821",
                    "1727971838967042040762133131665413409",
                    "215784981163846813072247592659821234770",
                    "327435520669212449830900635110910366901",
                    "137019557449877111287644104277021707151",
                    "201127395989126374763197378088961410637",
                    "269282657674526036962442596161869459674",
                    "174229446356323571751667139705589423960",
                    "321623851913463861327541534261740953775",
                    "212247207482093557517832476673230460101",
                    "187892194104409241736067288802950282764",
                    "332120007208474750311786660793958754606",
                    "295151076069210490493618185992320196018",
                    "127537402781650318556533622973528695079",
                    "203077820274264282809123866217033389981",
                    "68640494764636047207656350822578296203",
                    "248550218523045943631657820874455098654",
                    "133356447557050568539312309201336073978",
                    "158648737178852531660033527506292608029",
                    "158559667826735099589143395574645626476",
                    "49368375461848919139922384529001140953",
                    "96379463902653958107366181920515327124",
                    "249784589267379621402534432370315558802",
                    "247065014043320309633802494006515324885",
                    "188045776268132996966400253092030023610",
                    "308049302462863995007742191612405905454",
                    "83961412082341330045612693702240415752",
                    "212247207482093557517832476673230460101",
                    "187892194104409241736067288802950282764",
                    "104687558795424287761833048677605960307",
                    "296685850653910284075301847447278613681",
                    "9196370545177364092206719668277146838",
                    "217315381591564540302841336918440619151",
                    "264894580413949111625625975106125515107",
                    "64400986129603131692552959251640409283",
                    "68816854897385025850321559002752942431",
                    "292876760946427832019178946535132435615",
                    "248868804560951817732601269440589203855",
                    "51321154998989920628801034125251556548",
                    "187128180152788120204862597946549688484",
                    "131534407090690625506586504246323410867",
                    "312363574776531423281852985623975443880",
                    "280561935669420456724292602952252272716",
                    "75327053814029057871931606152360450066",
                    "291928655029028502005195264959123225209",
                    "188089470757917946186323001008474526132",
                    "23262952306847750378571044471285039371",
                    "149600989531258936506360345957492193437",
                    "6941662794330502652283678479664977220",
                    "226722899927806060070115319202730282531",
                    "320686526123068060023132321327147132592",
                    "245807925354893737636395260243086035121",
                    "63869819962082865145497901506337622503",
                    "137376293972105702542152103200032183188",
                    "37259134356476570938241045324664025631",
                    "64903480435328995977485239321147922921",
                    "320109702306631153089796891664150197962",
                    "320849409805006650144067212999819378576"
                ]
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "libtiff/tif_predict.h"
            },
            "id": "CVE-2016-9535-3c164294",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "134205239593771686444451453477153038893",
                    "70181563830162930924240681946432007063",
                    "334642212587000913486640124980269500319",
                    "270652846444513752393979056430255246945",
                    "334453991407783206968120732693852336431",
                    "149690041145000177838200561337563478565",
                    "106673241138169917329756552636326767793",
                    "324678320268165838108172017665335996045",
                    "212952606156698099132874329029155270704"
                ]
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "fpAcc"
            },
            "id": "CVE-2016-9535-47526f08",
            "digest": {
                "length": 826.0,
                "function_hash": "171040195149164366728271902811662019313"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "fpDiff"
            },
            "id": "CVE-2016-9535-57736f03",
            "digest": {
                "length": 953.0,
                "function_hash": "247869117750426373389335569286105952556"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "PredictorDecodeRow"
            },
            "id": "CVE-2016-9535-57b8f762",
            "digest": {
                "length": 379.0,
                "function_hash": "161372326862305423684924876063079885996"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "horDiff32"
            },
            "id": "CVE-2016-9535-7267c10b",
            "digest": {
                "length": 378.0,
                "function_hash": "274416111811421074790132037766706175902"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "fpAcc"
            },
            "id": "CVE-2016-9535-73608aee",
            "digest": {
                "length": 922.0,
                "function_hash": "214836327272677527236890554075706065370"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "horAcc32"
            },
            "id": "CVE-2016-9535-7505827a",
            "digest": {
                "length": 341.0,
                "function_hash": "75952545727149332452222831438042026001"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "libtiff/tif_predict.c"
            },
            "id": "CVE-2016-9535-9fbb1868",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "243537253012095232706018147322584964083",
                    "328793604765054568277458339384610724883",
                    "173215819473755194764655104316010686419",
                    "199422481867919143423721054010706911540",
                    "8557538063707369504417648543711635394",
                    "8083623373425167319000831259911679740",
                    "85368011416744430142508291262187983305",
                    "78580468177287185386221164314403802048",
                    "171265541845092943189763909690756428842",
                    "171127729429503044325544238934172733556",
                    "170924229996705184237776138572835518269",
                    "283910340509617888939277177227310435451",
                    "3663573744890979848304579524704794678",
                    "8083623373425167319000831259911679740",
                    "132747715903068621805235146338990386343",
                    "163310138971906068926364150861312351117",
                    "295813915796687586699285067718406720854",
                    "207117491776832991070186849829053997506",
                    "231698337745173978894984973294697725306"
                ]
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "horAcc8"
            },
            "id": "CVE-2016-9535-ae521d26",
            "digest": {
                "length": 1262.0,
                "function_hash": "313666045367366105442323613504502185156"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "horDiff8"
            },
            "id": "CVE-2016-9535-b8d41760",
            "digest": {
                "length": 1488.0,
                "function_hash": "336129129415190154953553427868859441327"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "swabHorAcc16"
            },
            "id": "CVE-2016-9535-c07c5a9a",
            "digest": {
                "length": 193.0,
                "function_hash": "245000748359933944360903661653903665701"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "swabHorAcc32"
            },
            "id": "CVE-2016-9535-daf1ee21",
            "digest": {
                "length": 193.0,
                "function_hash": "122050190341139738960804041940933097822"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "PredictorEncodeRow"
            },
            "id": "CVE-2016-9535-deaa4e66",
            "digest": {
                "length": 350.0,
                "function_hash": "282693645718852883451823726369794439334"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "swabHorDiff16"
            },
            "id": "CVE-2016-9535-e29415d2",
            "digest": {
                "length": 193.0,
                "function_hash": "158902631558467282773649354203087184658"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "PredictorEncodeTile"
            },
            "id": "CVE-2016-9535-e75c9d6c",
            "digest": {
                "length": 873.0,
                "function_hash": "30291917893125969486252093361531272353"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "horAcc16"
            },
            "id": "CVE-2016-9535-e98a0fa6",
            "digest": {
                "length": 419.0,
                "function_hash": "83933759554897251928352728546898234334"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "fpDiff"
            },
            "id": "CVE-2016-9535-ecf69c41",
            "digest": {
                "length": 851.0,
                "function_hash": "307214869499057035791033897634522056438"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "libtiff/tif_predict.c",
                "function": "horDiff16"
            },
            "id": "CVE-2016-9535-efcd2186",
            "digest": {
                "length": 456.0,
                "function_hash": "94877657018150311123884046479567264667"
            },
            "deprecated": false,
            "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
            "signature_version": "v1"
        }
    ]
}