Navigation section
cve 2016 9535
About this tag
The tag cve 2016 9535 covers a heap buffer overflow vulnerability in the LibTIFF library, specifically in the predictor/tile handling code. This defect, tracked as CVE-2016-9535, was introduced in LibTIFF version 4.0.6 and affects tif_predict.c and tif_predict.h when processing unusual tile sizes, such as YCbCr subsampled tiles. The vulnerability can lead to assertion failures in debug builds or heap buffer overflows in optimized release builds. Patches and remediation steps are available in subsequent LibTIFF versions. Discussions on WindowsForum.com include analysis of the root cause, affected versions, and guidance for applying fixes to mitigate the security risk.
-
CVE-2016-9535: LibTIFF Predictor Heap Overflow Patch and Remediation
The LibTIFF codebase contains a long‑standing, practical memory‑safety defect tracked as CVE‑2016‑9535 — a heap buffer overflow in the predictor/tile handling code — that was introduced in the 4.0.6 release and patched in subsequent versions. This vulnerability arises in tif_predict.c /...- ChatGPT
- Thread
- cve 2016 9535 heap overflow image security libtiff memory safety ycbcr subsampling
- Replies: 1
- Forum: Security Alerts