Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2016-9535
Vulnerability from osv_ubuntu
Published
2016-11-22 00:00
Modified
2026-06-01 07:04
Summary
Details
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Severity
9.8 (Critical)
9.8 (Critical)
N/A (UNKNOWN)
References
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtiff-opengl",
"binary_version": "4.0.3-7ubuntu0.6"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.0.3-7ubuntu0.6"
},
{
"binary_name": "libtiff5",
"binary_version": "4.0.3-7ubuntu0.6"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.0.3-7ubuntu0.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "tiff",
"purl": "pkg:deb/ubuntu/tiff@4.0.3-7ubuntu0.6?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.3-7ubuntu0.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.2-4ubuntu3",
"4.0.3-5ubuntu1",
"4.0.3-6",
"4.0.3-6ubuntu1",
"4.0.3-7",
"4.0.3-7ubuntu0.1",
"4.0.3-7ubuntu0.2",
"4.0.3-7ubuntu0.3",
"4.0.3-7ubuntu0.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtiff-opengl",
"binary_version": "4.0.6-1ubuntu0.1"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.0.6-1ubuntu0.1"
},
{
"binary_name": "libtiff5",
"binary_version": "4.0.6-1ubuntu0.1"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.0.6-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "tiff",
"purl": "pkg:deb/ubuntu/tiff@4.0.6-1ubuntu0.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.6-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.3-12.3ubuntu2",
"4.0.5-1",
"4.0.6-1"
]
}
],
"aliases": [],
"details": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\"",
"id": "UBUNTU-CVE-2016-9535",
"modified": "2026-06-01T07:04:34Z",
"published": "2016-11-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9535"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3212-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9535"
}
],
"related": [
"USN-3212-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2016-9535"
]
}
CVE-2016-9535 (GCVE-0-2016-9535)
Vulnerability from cvelistv5 – Published: 2016-11-22 19:00 – Updated: 2026-05-29 20:24
VLAI
EPSS
VEX
Summary
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2017/dsa-3844 | vendor-advisoryx_refsource_DEBIAN |
| https://github.com/vadz/libtiff/commit/3ca657a879… | x_refsource_CONFIRM |
| https://github.com/vadz/libtiff/commit/6a984bf790… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-0225.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/94744 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/bid/94484 | vdb-entryx_refsource_BID |
Date Public
2016-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3844",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"
},
{
"name": "RHSA-2017:0225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
},
{
"name": "94744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94744"
},
{
"name": "94484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94484"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-9535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T20:24:50.368394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T20:24:54.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3844",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"
},
{
"name": "RHSA-2017:0225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
},
{
"name": "94744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94744"
},
{
"name": "94484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3844",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"name": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
"refsource": "CONFIRM",
"url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"
},
{
"name": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
"refsource": "CONFIRM",
"url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"
},
{
"name": "RHSA-2017:0225",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
},
{
"name": "94744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94744"
},
{
"name": "94484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9535",
"datePublished": "2016-11-22T19:00:00.000Z",
"dateReserved": "2016-11-21T00:00:00.000Z",
"dateUpdated": "2026-05-29T20:24:54.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-3212-1
Vulnerability from osv_ubuntu
Published
2017-02-27 18:04
Modified
2026-06-01 07:03
Summary
tiff vulnerabilities
Details
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
References
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-7554",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8668",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3622",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3623",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3624",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3632",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3658",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3945",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3990",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3991",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5314",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5315",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5316",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5317",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5320",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5321",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5322",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5323",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5652",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5875",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-6223",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-8331",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9273",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9297",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9448",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9453",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9532",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9533",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9534",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9535",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9536",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9537",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9538",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9539",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9540",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10092",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10093",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10094",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5225",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtiff-opengl",
"binary_version": "4.0.3-7ubuntu0.6"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.0.3-7ubuntu0.6"
},
{
"binary_name": "libtiff5",
"binary_version": "4.0.3-7ubuntu0.6"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.0.3-7ubuntu0.6"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "tiff",
"purl": "pkg:deb/ubuntu/tiff@4.0.3-7ubuntu0.6?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.3-7ubuntu0.6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.2-4ubuntu3",
"4.0.3-5ubuntu1",
"4.0.3-6",
"4.0.3-6ubuntu1",
"4.0.3-7",
"4.0.3-7ubuntu0.1",
"4.0.3-7ubuntu0.2",
"4.0.3-7ubuntu0.3",
"4.0.3-7ubuntu0.4"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-7554",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-8668",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3622",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3623",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3624",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3632",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3658",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3945",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3990",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-3991",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5314",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5315",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5316",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5317",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5320",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5321",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5322",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5323",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5652",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5875",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-6223",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-8331",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9273",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9297",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9448",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9453",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9532",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9533",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9534",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9535",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9536",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9537",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9538",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9539",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9540",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10092",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10093",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10094",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-5225",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtiff-opengl",
"binary_version": "4.0.6-1ubuntu0.1"
},
{
"binary_name": "libtiff-tools",
"binary_version": "4.0.6-1ubuntu0.1"
},
{
"binary_name": "libtiff5",
"binary_version": "4.0.6-1ubuntu0.1"
},
{
"binary_name": "libtiffxx5",
"binary_version": "4.0.6-1ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "tiff",
"purl": "pkg:deb/ubuntu/tiff@4.0.6-1ubuntu0.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.6-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.3-12.3ubuntu2",
"4.0.5-1",
"4.0.6-1"
]
}
],
"aliases": [],
"details": "It was discovered that LibTIFF incorrectly handled certain malformed\nimages. If a user or automated system were tricked into opening a specially\ncrafted image, a remote attacker could crash the application, leading to a\ndenial of service, or possibly execute arbitrary code with user privileges.\n",
"id": "USN-3212-1",
"modified": "2026-06-01T07:03:46Z",
"published": "2017-02-27T18:04:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3212-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-7554"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-8668"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3622"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3623"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3624"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3632"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3658"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3945"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3990"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-3991"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5314"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5315"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5316"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5317"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5320"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5321"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5322"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5323"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5652"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5875"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-6223"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-8331"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9273"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9297"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9448"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9453"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9532"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9533"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9534"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9535"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9536"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9537"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9538"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9539"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9540"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10092"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10093"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10094"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-5225"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "tiff vulnerabilities",
"upstream": [
"UBUNTU-CVE-2015-7554",
"UBUNTU-CVE-2015-8668",
"UBUNTU-CVE-2016-3622",
"UBUNTU-CVE-2016-3623",
"UBUNTU-CVE-2016-3624",
"UBUNTU-CVE-2016-3632",
"UBUNTU-CVE-2016-3658",
"UBUNTU-CVE-2016-3945",
"UBUNTU-CVE-2016-3990",
"UBUNTU-CVE-2016-3991",
"UBUNTU-CVE-2016-5314",
"UBUNTU-CVE-2016-5315",
"UBUNTU-CVE-2016-5316",
"UBUNTU-CVE-2016-5317",
"UBUNTU-CVE-2016-5320",
"UBUNTU-CVE-2016-5321",
"UBUNTU-CVE-2016-5322",
"UBUNTU-CVE-2016-5323",
"UBUNTU-CVE-2016-5652",
"UBUNTU-CVE-2016-5875",
"UBUNTU-CVE-2016-6223",
"UBUNTU-CVE-2016-8331",
"UBUNTU-CVE-2016-9273",
"UBUNTU-CVE-2016-9297",
"UBUNTU-CVE-2016-9448",
"UBUNTU-CVE-2016-9453",
"UBUNTU-CVE-2016-9532",
"UBUNTU-CVE-2016-9533",
"UBUNTU-CVE-2016-9534",
"UBUNTU-CVE-2016-9535",
"UBUNTU-CVE-2016-9536",
"UBUNTU-CVE-2016-9537",
"UBUNTU-CVE-2016-9538",
"UBUNTU-CVE-2016-9539",
"UBUNTU-CVE-2016-9540",
"UBUNTU-CVE-2016-10092",
"UBUNTU-CVE-2016-10093",
"UBUNTU-CVE-2016-10094",
"UBUNTU-CVE-2017-5225"
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…