Vulnerability CVE-2016-9535

Vulnerability Name:

CVE-2016-9535 (CCN-119242)

Assigned:

2016-11-04

Published:

2016-11-04

Updated:

2018-01-05

Summary:

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

7.0 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.1 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119
CWE-122

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-9535

Source: CCN
Type: RHSA-2017-0225
Moderate: libtiff security update

Source: REDHAT
Type: UNKNOWN
RHSA-2017:0225

Source: DEBIAN
Type: UNKNOWN
DSA-3844

Source: CCN
Type: IBM Security Bulletin 874884 (Dynamic System Analysis (DSA) Preboot)
IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF

Source: CCN
Type: LibTIFF Web Site
LibTIFF

Source: BID
Type: Third Party Advisory, VDB Entry
94484

Source: CCN
Type: BID-94484
RETIRED: LibTIFF Multiple Security Vulnerabilites

Source: BID
Type: UNKNOWN
94744

Source: CCN
Type: BID-94744
LibTIFF CVE-2016-9535 Heap Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
libtiff-cve20169535-bo(119242)

Source: CCN
Type: LibTIFF GIT Repository
ibtiff/tif_predict.h, libtiff/tif_predict.c

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1

Source: CCN
Type: LibTIFF GIT Repository
libtiff/tif_predic.c: fix memory leaks in error code paths added in

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

Source: CCN
Type: Apple security document HT207615
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-9535

Vulnerable Configuration:

Configuration 1:

cpe:/a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20169535	V	CVE-2016-9535	2022-05-20
oval:org.opensuse.security:def:29497	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:35282	P	Security update for gegl (Important)	2021-12-28
oval:org.opensuse.security:def:31336	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:30285	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:34592	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:29443	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:31702	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:30117	P	Security update for openssl (Important)	2021-08-24
oval:org.opensuse.security:def:31249	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:34502	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:33696	P	Security update for mariadb (Important)	2021-08-06
oval:org.opensuse.security:def:31658	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:30106	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:30105	P	Security update for qemu (Moderate)	2021-07-21
oval:org.opensuse.security:def:32951	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:36431	P	libQtWebKit-devel-4.6.3-5.34.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36389	P	dbus-1-devel-1.2.10-3.31.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31636	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:31192	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:33652	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:30191	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:33086	P	Security update for ImageMagick (Moderate)	2021-02-25
oval:org.opensuse.security:def:28931	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2021-02-10
oval:org.opensuse.security:def:34445	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:31100	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:33628	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:34334	P	Security update for python (Important)	2020-12-11
oval:org.opensuse.security:def:28862	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:35646	P	unzip-5.52-142.23.43 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35605	P	libtiff3-3.8.2-141.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35751	P	libicu-32bit-4.0-7.26.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35707	P	glib2-2.22.5-0.2.23 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35679	P	cron-4.1-194.199.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35640	P	sudo-1.6.9p17-21.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35591	P	libmysqlclient15-32bit-5.0.67-13.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35532	P	cron-4.1-194.24.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26978	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33238	P	procmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29585	P	Security update for apache2-mod_jk (Moderate)	2020-12-01
oval:org.opensuse.security:def:26967	P	libpython2_6-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33181	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29546	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26966	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34967	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34923	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:32872	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29290	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:34897	P	Security update for dbus-1	2020-12-01
oval:org.opensuse.security:def:32861	P	foomatic-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29205	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:34858	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:31594	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32860	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29148	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:34809	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:31556	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:29062	P	Security update for bsdtar (Important)	2020-12-01
oval:org.opensuse.security:def:34751	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:30918	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:30874	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:30854	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:28851	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:30815	P	Security update for coreutils (Important)	2020-12-01
oval:org.opensuse.security:def:28850	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:34347	P	Security update for squidGuard (Moderate)	2020-12-01
oval:org.opensuse.security:def:30766	P	Security update for aspell (Moderate)	2020-12-01
oval:org.opensuse.security:def:34211	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:30711	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34127	P	Security update for mozilla-nspr, mozilla-nss	2020-12-01
oval:org.opensuse.security:def:30556	P	Security update for mozilla-nss	2020-12-01
oval:org.opensuse.security:def:34116	P	Security update for nautilus (Low)	2020-12-01
oval:org.opensuse.security:def:30469	P	Security update for PHP5	2020-12-01
oval:org.opensuse.security:def:32379	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:34115	P	Security update for nagios-nrpe (Moderate)	2020-12-01
oval:org.opensuse.security:def:30412	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:32340	P	Security update for socat (Moderate)	2020-12-01
oval:org.opensuse.security:def:30323	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:35372	P	Security update for netpbm (Moderate)	2020-12-01
oval:org.opensuse.security:def:35225	P	Security update for liblouis (Moderate)	2020-12-01
oval:org.opensuse.security:def:31597	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28415	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:35124	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31548	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:28380	P	Security update for rubygem-actionpack-3_2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34988	P	Security update for glib2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31492	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:27742	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:34904	P	Security update for djvulibre (Moderate)	2020-12-01
oval:org.opensuse.security:def:27698	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34893	P	Security update for curl	2020-12-01
oval:org.opensuse.security:def:27684	P	Security update for xorg-x11-server	2020-12-01
oval:org.opensuse.security:def:34374	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:34892	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:27645	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:27596	P	Security update for Mesa	2020-12-01
oval:org.opensuse.security:def:30968	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:27543	P	python-crypto on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30894	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:27392	P	emacs-nox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30883	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27308	P	tftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33589	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:30322	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:30882	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27251	P	openCryptoki on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33540	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:27170	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33483	P	Security update for OpenSSL	2020-12-01
oval:org.opensuse.security:def:29647	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:27042	P	taglib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33326	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29603	P	Security update for axis (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20170225	P	RHSA-2017:0225: libtiff security update (Moderate)	2017-02-01
oval:com.ubuntu.xenial:def:20169535000	V	CVE-2016-9535 on Ubuntu 16.04 LTS (xenial) - medium.	2016-11-22
oval:com.ubuntu.artful:def:20169535000	V	CVE-2016-9535 on Ubuntu 17.10 (artful) - medium.	2016-11-22
oval:com.ubuntu.precise:def:20169535000	V	CVE-2016-9535 on Ubuntu 12.04 LTS (precise) - medium.	2016-11-22
oval:com.ubuntu.xenial:def:201695350000000	V	CVE-2016-9535 on Ubuntu 16.04 LTS (xenial) - medium.	2016-11-22
oval:com.ubuntu.trusty:def:20169535000	V	CVE-2016-9535 on Ubuntu 14.04 LTS (trusty) - medium.	2016-11-22

BACK