CVE-2016-9535: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

Severity
9.8 CRITICAL (NVD)
EPSS
0.6% (top 30.39%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published 2016-11-22
Latest update 2025-10-14

Description

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
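The description names a specific input shape (a Predictor tag applied to YCbCr data with chroma subsampling, typically tiled) rather than a specific malformed value, so the practical pre-filter is a tag-level triage of untrusted TIFFs before they reach a decoder that has not been updated. The following is an added example, not libtiff code and not code from this page: it parses the first IFD of a classic TIFF directly with `struct`, flags the combination the CVE text describes, and rejects truncated or non-TIFF input with a `ValueError` instead of trusting offsets. Tag numbers and the subsampling default of 2,2 come from the TIFF 6.0 specification; the sample files are constructed inline (headers only, no pixel data) and a hit means "do not hand this to an unpatched decoder", not "this file is an exploit".

```python
import struct

TIFF_MAGIC = 42
TYPE_FMT = {1: "B", 3: "H", 4: "I"}      # BYTE, SHORT, LONG: the only field types this check needs
# Tag numbers from the TIFF 6.0 specification
COMPRESSION, PHOTOMETRIC, PREDICTOR = 259, 262, 317
TILEWIDTH, TILELENGTH, YCBCR_SUBSAMPLING = 322, 323, 530
PHOTOMETRIC_YCBCR = 6


def read_ifd0(data: bytes) -> dict:
    """Parse the first IFD of a classic TIFF into {tag: [values]}; ValueError on malformed input."""
    if data[:2] == b"II":
        e = "<"
    elif data[:2] == b"MM":
        e = ">"
    else:
        raise ValueError("missing TIFF byte-order mark")
    try:
        magic, ifd_off = struct.unpack_from(e + "HI", data, 2)
        if magic != TIFF_MAGIC:
            raise ValueError("not a classic TIFF (BigTIFF is not handled here)")
        (n,) = struct.unpack_from(e + "H", data, ifd_off)
        tags, pos = {}, ifd_off + 2
        for _ in range(n):
            tag, typ, count, field = struct.unpack_from(e + "HHI4s", data, pos)
            pos += 12
            fmt = TYPE_FMT.get(typ)
            if fmt is None:                 # ASCII, RATIONAL, ...: irrelevant to this check
                continue
            size = struct.calcsize(fmt) * count
            if size <= 4:                   # value fits inline, left-justified in the 4-byte field
                raw = field[:size]
            else:                           # otherwise the field is an offset into the file
                (off,) = struct.unpack(e + "I", field)
                raw = data[off:off + size]
                if len(raw) != size:
                    raise ValueError(f"tag {tag} data runs past end of file")
            tags[tag] = list(struct.unpack(e + f"{count}{fmt}", raw))
        return tags
    except struct.error as exc:
        raise ValueError(f"truncated header or IFD: {exc}") from None


def predictor_ycbcr_finding(tags: dict):
    """Return a reason string if the tags match the combination in the CVE text, else None."""
    predictor = tags.get(PREDICTOR, [1])[0]                     # 1 = no predictor (default)
    photometric = tags.get(PHOTOMETRIC, [None])[0]
    subsampling = tuple(tags.get(YCBCR_SUBSAMPLING, [2, 2]))    # TIFF default is 2,2 when absent
    if predictor == 1 or photometric != PHOTOMETRIC_YCBCR:
        return None
    layout = "tiled" if TILEWIDTH in tags or TILELENGTH in tags else "stripped"
    return (f"Predictor={predictor} on YCbCr data with subsampling {subsampling}, "
            f"{layout} layout, compression={tags.get(COMPRESSION, [1])[0]}: "
            "matches the CVE-2016-9535 input shape; quarantine for a patched decoder")


def build_tiff(tags: dict, little_endian: bool = True) -> bytes:
    """Constructed sample builder: one IFD of SHORT tags whose values fit in the 4-byte field."""
    e = "<" if little_endian else ">"
    out = struct.pack(e + "2sHI", b"II" if little_endian else b"MM", TIFF_MAGIC, 8)
    out += struct.pack(e + "H", len(tags))
    for tag, values in sorted(tags.items()):
        payload = struct.pack(e + f"{len(values)}H", *values).ljust(4, b"\0")
        out += struct.pack(e + "HHI", tag, 3, len(values)) + payload
    return out + struct.pack(e + "I", 0)              # no further IFDs


# Constructed samples (headers only, no pixel data): a tiled LZW YCbCr image with horizontal
# differencing, and a big-endian RGB image with no predictor.
SUSPECT = build_tiff({256: [64], 257: [64], COMPRESSION: [5], PHOTOMETRIC: [PHOTOMETRIC_YCBCR],
                      PREDICTOR: [2], TILEWIDTH: [16], TILELENGTH: [16], YCBCR_SUBSAMPLING: [2, 2]})
BENIGN = build_tiff({256: [64], 257: [64], COMPRESSION: [5], PHOTOMETRIC: [2], PREDICTOR: [1]},
                    little_endian=False)


def triage(data: bytes):
    """Classify one file; malformed input is reported as a string rather than raised."""
    try:
        return predictor_ycbcr_finding(read_ifd0(data))
    except ValueError as exc:
        return f"unparseable: {exc}"


if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("benign", BENIGN), ("truncated", SUSPECT[:20])):
        print(f"{name}: {triage(blob)}")
```

Run it on a directory of untrusted uploads and route anything that returns a finding (or "unparseable") away from an unpatched libtiff; the Debian entry under Affected Packages gives the fixed package version for that distribution. The parser deliberately stops at the first IFD and ignores SubIFDs and BigTIFF, which is enough for this check but not a general TIFF validator.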

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (19 packages)

NVD: libtiff/libtiff 4.0.6
Debian: debian/tiff, affected < 4.0.7-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-9mr5-78vv-g6xr: tif_predict (2022-05-14)
OSV: CVE-2016-9535: tif_predict (2016-11-22)

📋 Vendor Advisories (5)

Microsoft: MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability (2025-10-14)
Apple: CVE-2016-9535: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite (2017-03-27)
Ubuntu: LibTIFF vulnerabilities (2017-02-27)
Red Hat: libtiff: Predictor heap-buffer-overflow (2016-11-04)
Debian: CVE-2016-9535: tiff - tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead t... (2016)

🕵️ Threat Intelligence (4)

Qualys: Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review | Qualys (2025-10-14)
Qualys: Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review (2025-10-14)
BleepingComputer: Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws (2025-10-14)
CrowdStrike: October 2025 Patch Tuesday: Updates and Analysis

💬 Community (4)

Bugzilla: CVE-2016-9448 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9539 CVE-2016-9540 mingw-libtiff: various flaws [fedora-all] (2016-11-23)
Bugzilla: CVE-2016-9448 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9539 CVE-2016-9540 mingw-libtiff: various flaws [epel-7] (2016-11-23)
Bugzilla: CVE-2016-9535 libtiff: Predictor heap-buffer-overflow (2016-11-23)
Bugzilla: CVE-2016-9448 CVE-2016-9453 CVE-2016-9532 CVE-2016-9533 CVE-2016-9534 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9539 CVE-2016-9540 libtiff: various flaws [fedora-all] (2016-11-23)