CVE-2016-9535 (retired)

Priority
Description
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can
lead to assertion failures in debug mode, or buffer overflows in release
mode, when dealing with unusual tile size like YCbCr with subsampling.
Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Notes
 mdeslaur> this will not be fixed in precise/esm
Package
Source: tiff (LP Ubuntu Debian)
Upstream:released (4.0.7-1)
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 LTS (Trusty Tahr):released (4.0.3-7ubuntu0.6)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.0.6-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.7-1)
Patches:
Upstream:https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
Upstream:https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
More Information

Updated: 2019-03-26 12:23:35 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)