CVE-2016-9533
libtiff: PixarLog horizontalDifference heap-buffer-overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
tif_pixarlog.c en libtiff 4.0.6 tiene vulnerabilidades de escritura fuera de límites en bufers alojados en memoria dinámica. Reportada como SVR 35094, vulnerabilidad también conocida como "PixarLog horizontalDifference heap-buffer-overflow".
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-21 CVE Reserved
- 2016-11-22 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/94484 | Third Party Advisory | |
| http://www.securityfocus.com/bid/94742 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef | 2018-01-05 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0225.html | 2018-01-05 | |
| http://www.debian.org/security/2017/dsa-3762 | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2016-9533 | 2017-02-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1397769 | 2017-02-01 |