cvedb.io
CVE-2016-9535
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2016-11-22T19:59:03.387 · Last modified 2026-06-17T00:56:11.710

Summary

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

Affected products

libtiff — libtiff

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.