Buffer overflow in LibTIFF - CVE-2016-9535
Published: November 22, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40040
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-9535
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: LibTIFF
Affected software:
LibTIFF
LibTIFF
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
How to mitigate CVE-2016-9535
Install update from vendor's website.
Sources
- http://rhn.redhat.com/errata/RHSA-2017-0225.html
- http://www.debian.org/security/2017/dsa-3844
- http://www.securityfocus.com/bid/94484
- http://www.securityfocus.com/bid/94744
- https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
- https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33