{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3844", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3844"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}, {"name": "RHSA-2017:0225", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"name": "94744", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94744"}, {"name": "94484", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94484"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2016-9535", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3844", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3844"}, {"name": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "refsource": "CONFIRM", "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"name": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "refsource": "CONFIRM", "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}, {"name": "RHSA-2017:0225", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"name": "94744", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94744"}, {"name": "94484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94484"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:38.565Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3844", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3844"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}, {"name": "RHSA-2017:0225", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"name": "94744", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94744"}, {"name": "94484", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94484"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T20:24:50.368394Z", "id": "CVE-2016-9535", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T20:24:54.106Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9535", "datePublished": "2016-11-22T19:00:00.000Z", "dateReserved": "2016-11-21T00:00:00.000Z", "dateUpdated": "2026-05-29T20:24:54.106Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.debian.org/security/2017/dsa-3844", "name": "DSA-3844", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html", "name": "RHSA-2017:0225", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/94744", "name": "94744", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/94484", "name": "94484", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:38.565Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-9535", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-29T20:24:50.368394Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T20:24:46.308Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-22T00:00:00.000Z", "references": [{"url": "http://www.debian.org/security/2017/dsa-3844", "name": "DSA-3844", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html", "name": "RHSA-2017:0225", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securityfocus.com/bid/94744", "name": "94744", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.securityfocus.com/bid/94484", "name": "94484", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2018-01-04T19:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2017/dsa-3844", "name": "DSA-3844", "refsource": "DEBIAN"}, {"url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "name": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1", "refsource": "CONFIRM"}, {"url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "name": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33", "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html", "name": "RHSA-2017:0225", "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/94744", "name": "94744", "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/94484", "name": "94484", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-9535", "STATE": "PUBLIC", "ASSIGNER": "[email protected]"}}}}, "cveMetadata": {"cveId": "CVE-2016-9535", "state": "PUBLISHED", "dateUpdated": "2026-05-29T20:24:54.106Z", "dateReserved": "2016-11-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2016-11-22T19:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "33708995-494C-476D-B0E3-1E78B9328699", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""}, {"lang": "es", "value": "tif_predict.h y tif_predict.c en libtiff 4.0.6 tienen aserciones que pueden conducir a fallos de aserci\u00f3n en modo debug, o desbordamientos de b\u00fafer en modo de liberaci\u00f3n, cuando trata con un tama\u00f1o inusual de tile como YCbCr con submuestreo. Reportado como MSVR 35105, vulnerabilidad tambi\u00e9n conocida como \"Predictor heap-buffer-overflow\"."}], "id": "CVE-2016-9535", "lastModified": "2026-05-29T21:16:30.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2016-11-22T19:59:03.387", "references": [{"source": "[email protected]", "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"source": "[email protected]", "url": "http://www.debian.org/security/2017/dsa-3844"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94484"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/94744"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0225", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libtiff-0:3.9.4-21.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-02-01T00:00:00Z"}, {"advisory": "RHSA-2017:0225", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libtiff-0:4.0.3-27.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-02-01T00:00:00Z"}], "bugzilla": {"description": "libtiff: Predictor heap-buffer-overflow", "id": "1397755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397755"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-122", "details": ["tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""], "name": "CVE-2016-9535", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-11-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9535\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9535"], "threat_severity": "Moderate"}

{}