#VU40040 Buffer overflow in LibTIFF - CVE-2016-9535
Published: November 22, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40040
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-9535
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
LibTIFF
LibTIFF
Software vendor:
LibTIFF
LibTIFF
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Remediation
Install update from vendor's website.
External links
- http://rhn.redhat.com/errata/RHSA-2017-0225.html
- http://www.debian.org/security/2017/dsa-3844
- http://www.securityfocus.com/bid/94484
- http://www.securityfocus.com/bid/94744
- https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
- https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33