Critical severity9.8NVD Advisory· Published Nov 22, 2016· Updated Jun 17, 2026
CVE-2016-9535
CVE-2016-9535
Description
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 3.8.2-141.169.9.1+ 2 more
- (no CPE)range: < 3.8.2-141.169.9.1
- (no CPE)range: < 3.8.2-141.169.9.1
- (no CPE)range: < 3.8.2-141.169.9.1
Patches
Vulnerability mechanics
References
6- github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1nvdIssue TrackingPatchThird Party Advisory
- github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33nvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/94484nvdThird Party AdvisoryVDB Entry
- rhn.redhat.com/errata/RHSA-2017-0225.htmlnvd
- www.debian.org/security/2017/dsa-3844nvd
- www.securityfocus.com/bid/94744nvd
News mentions
0No linked articles in our index yet.