tif_predict.h and tif_predict.c in libtiff 4.0.6 contain assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile sizes such as YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
{ "vanir_signatures": [ { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "PredictorEncodeTile" }, "id": "CVE-2016-9535-21a09b17", "digest": { "length": 971.0, "function_hash": "33438023922335958403027861108369435097" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "swabHorDiff32" }, "id": "CVE-2016-9535-21a62c3e", "digest": { "length": 193.0, "function_hash": "202112037355910350314807661606348903076" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "PredictorDecodeTile" }, "id": "CVE-2016-9535-276fda65", "digest": { "length": 517.0, "function_hash": "184992262770447987855632056899924960410" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "libtiff/tif_predict.c" }, "id": "CVE-2016-9535-2b43ebde", "digest": { "threshold": 0.9, "line_hashes": [ "261216747197544161885780539738058574608", "204875526020822327172325554141205118236", "169280555840795216092410791154823169671", "93387289301672846274021466163740944234", "89722084998747174049558402595045530229", "53978131051627761841638122305239234594", "92139698161269378584448546751974355237", "218033777424840085956168346478189955146", "173562032052913763204616893670163871529", "59772104789028288424524406531691133701", "168216118651488941563407684875687376460", "276227255640016495411064368422751486583", "162817855906778422021599614065481804161", "75239090941942994308511347890910020783", "26083462127943261703778269971104141551", "170366677663820355181450097743747993320", 
"69088313966155961681384823169459330427", "98098571162348030533861241892810405897", "275339619459570386407458966692527532112", "165524428730503513520768627999054902463", "253636620897231989402729106626118631509", "34284046229333531150627043438115893962", "119588633803753493787033938876036142977", "114156870765192471573896503769426331647", "320201969646789997698421904828162994337", "173878156555487118740790950504304142821", "181766126657142311974140449970225806607", "209757422492588127305903305466521894189", "264432991638146080738392348267745735443", "264689667708367412735011951792766627566", "299342770356102123003592761892122574840", "166742601443984225550752263041498404277", "230475067189510006469766832980179409543", "221760411091601688958324600133782232509", "229447914869026274132167062444563841417", "25381216824514169848685677087792994761", "27617578685833025681012773012280994401", "232721568842987816265073904105127648947", "101145998970532216299401227395458455341", "160213832243623736671795706366339924760", "201127395989126374763197378088961410637", "269282657674526036962442596161869459674", "310035838356594104595411171449930729876", "89469100578155462544569555734643301568", "212247207482093557517832476673230460101", "187892194104409241736067288802950282764", "51720237313748291304069337284147885705", "116260321921890444634450185616337597462", "171809281404049194992808159713599505883", "203486425376982096420026891281156994883", "324842486338875830146705086966052987864", "132927347058582409711672473589907375944", "191432587752728724833189536044353006728", "254450928878187828843153523964358868875", "287050658238577614039242154506501323490", "277713896081436109015161703535506392236", "295384038813198301273276281040418615259", "5294313042832535779615571973931726749", "112381553462187816801670065297946094946", "236735664121532714673948537690648925492", "247065014043320309633802494006515324885", "188045776268132996966400253092030023610", 
"38143383255539705788472103239455009309", "176765799637775392835762278179653170040", "212247207482093557517832476673230460101", "187892194104409241736067288802950282764", "397571604025777735857428835763730489", "35853964082440227133542547486019387260", "138499664257233406659551045238237954213", "16792176028829716719496546036043956049", "312363574776531423281852985623975443880", "280561935669420456724292602952252272716", "279019357776041959397966459962680264814", "266956413772630722161606270973598878792", "26996250107358816560686593872477908882", "223738372855588217240627431939494869244", "229599646059137685456329063374212000457", "262577908426894194077380237768717535130", "40597596588941298990824017465538184829", "45814490290565097308324146196516716722", "79283068765131786396493434806802328024", "287228870289512332876850879528564702455", "32555078261466544033927279049455346065", "22414294858626776819702285795817345398", "259248672351234693092410022745228839237", "53711036798892785051368833862155738806", "87376200204613743461556288060442799912", "18879279871474488644040896044794712896", "218598709106944436415688398038136408160", "60817314799231641987651347289767443969", "144698470728293637566702447340412706692", "319660836871541674312787001732167154757", "283334726527911677417741869024291338104", "59205744002858352497477289977429831432", "194264458166475910792404654883601885827", "10099349801893439896173512356159321865", "238169097015477007146193718115730749752", "109957946280189619871860065223268910350", "40858570402993020224607947591474507188", "165592009938754204630841902916612224059", "213709958130923717100280030074286427368", "26367525634198808324867327916250614075", "269005597747942385559582834913622848583", "173878156555487118740790950504304142821", "1727971838967042040762133131665413409", "215784981163846813072247592659821234770", "327435520669212449830900635110910366901", "137019557449877111287644104277021707151", "201127395989126374763197378088961410637", 
"269282657674526036962442596161869459674", "174229446356323571751667139705589423960", "321623851913463861327541534261740953775", "212247207482093557517832476673230460101", "187892194104409241736067288802950282764", "332120007208474750311786660793958754606", "295151076069210490493618185992320196018", "127537402781650318556533622973528695079", "203077820274264282809123866217033389981", "68640494764636047207656350822578296203", "248550218523045943631657820874455098654", "133356447557050568539312309201336073978", "158648737178852531660033527506292608029", "158559667826735099589143395574645626476", "49368375461848919139922384529001140953", "96379463902653958107366181920515327124", "249784589267379621402534432370315558802", "247065014043320309633802494006515324885", "188045776268132996966400253092030023610", "308049302462863995007742191612405905454", "83961412082341330045612693702240415752", "212247207482093557517832476673230460101", "187892194104409241736067288802950282764", "104687558795424287761833048677605960307", "296685850653910284075301847447278613681", "9196370545177364092206719668277146838", "217315381591564540302841336918440619151", "264894580413949111625625975106125515107", "64400986129603131692552959251640409283", "68816854897385025850321559002752942431", "292876760946427832019178946535132435615", "248868804560951817732601269440589203855", "51321154998989920628801034125251556548", "187128180152788120204862597946549688484", "131534407090690625506586504246323410867", "312363574776531423281852985623975443880", "280561935669420456724292602952252272716", "75327053814029057871931606152360450066", "291928655029028502005195264959123225209", "188089470757917946186323001008474526132", "23262952306847750378571044471285039371", "149600989531258936506360345957492193437", "6941662794330502652283678479664977220", "226722899927806060070115319202730282531", "320686526123068060023132321327147132592", "245807925354893737636395260243086035121", 
"63869819962082865145497901506337622503", "137376293972105702542152103200032183188", "37259134356476570938241045324664025631", "64903480435328995977485239321147922921", "320109702306631153089796891664150197962", "320849409805006650144067212999819378576" ] }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "libtiff/tif_predict.h" }, "id": "CVE-2016-9535-3c164294", "digest": { "threshold": 0.9, "line_hashes": [ "134205239593771686444451453477153038893", "70181563830162930924240681946432007063", "334642212587000913486640124980269500319", "270652846444513752393979056430255246945", "334453991407783206968120732693852336431", "149690041145000177838200561337563478565", "106673241138169917329756552636326767793", "324678320268165838108172017665335996045", "212952606156698099132874329029155270704" ] }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "fpAcc" }, "id": "CVE-2016-9535-47526f08", "digest": { "length": 826.0, "function_hash": "171040195149164366728271902811662019313" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "fpDiff" }, "id": "CVE-2016-9535-57736f03", "digest": { "length": 953.0, "function_hash": "247869117750426373389335569286105952556" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "PredictorDecodeRow" }, "id": "CVE-2016-9535-57b8f762", "digest": { "length": 379.0, 
"function_hash": "161372326862305423684924876063079885996" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "horDiff32" }, "id": "CVE-2016-9535-7267c10b", "digest": { "length": 378.0, "function_hash": "274416111811421074790132037766706175902" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "fpAcc" }, "id": "CVE-2016-9535-73608aee", "digest": { "length": 922.0, "function_hash": "214836327272677527236890554075706065370" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "horAcc32" }, "id": "CVE-2016-9535-7505827a", "digest": { "length": 341.0, "function_hash": "75952545727149332452222831438042026001" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "libtiff/tif_predict.c" }, "id": "CVE-2016-9535-9fbb1868", "digest": { "threshold": 0.9, "line_hashes": [ "243537253012095232706018147322584964083", "328793604765054568277458339384610724883", "173215819473755194764655104316010686419", "199422481867919143423721054010706911540", "8557538063707369504417648543711635394", "8083623373425167319000831259911679740", "85368011416744430142508291262187983305", "78580468177287185386221164314403802048", "171265541845092943189763909690756428842", "171127729429503044325544238934172733556", "170924229996705184237776138572835518269", "283910340509617888939277177227310435451", 
"3663573744890979848304579524704794678", "8083623373425167319000831259911679740", "132747715903068621805235146338990386343", "163310138971906068926364150861312351117", "295813915796687586699285067718406720854", "207117491776832991070186849829053997506", "231698337745173978894984973294697725306" ] }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "horAcc8" }, "id": "CVE-2016-9535-ae521d26", "digest": { "length": 1262.0, "function_hash": "313666045367366105442323613504502185156" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "horDiff8" }, "id": "CVE-2016-9535-b8d41760", "digest": { "length": 1488.0, "function_hash": "336129129415190154953553427868859441327" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "swabHorAcc16" }, "id": "CVE-2016-9535-c07c5a9a", "digest": { "length": 193.0, "function_hash": "245000748359933944360903661653903665701" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "swabHorAcc32" }, "id": "CVE-2016-9535-daf1ee21", "digest": { "length": 193.0, "function_hash": "122050190341139738960804041940933097822" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": 
"libtiff/tif_predict.c", "function": "PredictorEncodeRow" }, "id": "CVE-2016-9535-deaa4e66", "digest": { "length": 350.0, "function_hash": "282693645718852883451823726369794439334" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "swabHorDiff16" }, "id": "CVE-2016-9535-e29415d2", "digest": { "length": 193.0, "function_hash": "158902631558467282773649354203087184658" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "PredictorEncodeTile" }, "id": "CVE-2016-9535-e75c9d6c", "digest": { "length": 873.0, "function_hash": "30291917893125969486252093361531272353" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "horAcc16" }, "id": "CVE-2016-9535-e98a0fa6", "digest": { "length": 419.0, "function_hash": "83933759554897251928352728546898234334" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "fpDiff" }, "id": "CVE-2016-9535-ecf69c41", "digest": { "length": 851.0, "function_hash": "307214869499057035791033897634522056438" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "libtiff/tif_predict.c", "function": "horDiff16" }, "id": "CVE-2016-9535-efcd2186", "digest": { "length": 456.0, "function_hash": 
"94877657018150311123884046479567264667" }, "deprecated": false, "source": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "signature_version": "v1" } ] }