CVE-2016-9535

Priority
Description
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can
lead to assertion failures in debug mode, or buffer overflows in release
mode, when dealing with unusual tile size like YCbCr with subsampling.
Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Notes
mdeslaurthis will not be fixed in precise/esm
Package
Source: tiff (LP Ubuntu Debian)
Upstream:released (4.0.7-1)
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 ESM (Trusty Tahr):released (4.0.3-7ubuntu0.6)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.0.6-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.7-1)
Patches:
Upstream:https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
Upstream:https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
More Information

Updated: 2019-12-05 18:46:45 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)