vulnerability
Amazon Linux AMI: CVE-2016-9535: Security patch for libtiff, compat-libtiff3 (ALAS-2017-802)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 22, 2016 | Mar 7, 2017 | Apr 16, 2020 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 22, 2016
Added
Mar 7, 2017
Modified
Apr 16, 2020
Description
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Solutions
amazon-linux-upgrade--compat-libtiff3amazon-linux-upgrade-libtiff
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.