{"id":"CVE-2016-9538","details":"tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.","modified":"2026-07-08T12:06:38.390575Z","published":"2016-11-22T19:59:06.510Z","related":["openSUSE-SU-2024:11461-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/94753"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3762"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94484"},{"type":"FIX","url":"https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vadz/libtiff","events":[{"introduced":"8a37c8e244de3457283b54986d09a8db4d24381c"},{"last_affected":"8a37c8e244de3457283b54986d09a8db4d24381c"},{"fixed":"43c0b81a818640429317c80fea1e66771e85024b"}],"database_specific":{"extracted_events":[{"introduced":"4.0.6"},{"last_affected":"4.0.6"}],"cpe":"cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*","source":["CPE_STRING","REFERENCES"]}}],"versions":["4.0.6","Release-v4-0-6"],"database_specific":{"vanir_signatures_modified":"2026-07-08T12:06:38Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9538.json","vanir_signatures":[{"signature_type":"Line","source":"https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b","deprecated":false,"target":{"file":"tools/tiffcp.c"},"digest":{"threshold":0.9,"line_hashes":["232427039072130429851659266371799894391","191342321427644718345565034516085667474","243372549092629614568279305409646591918","86629854114506982021886073099470035925","318444769697916841680281764114220919792"]},"id":"CVE-2016-9538-2cd3c3a6","signature_version":"v1"},{"signature_type":"Function","source":"https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b","deprecated":false,"target":{"file":"tools/tiffcp.c","function":"tiffcp"},"digest":{"length":6093,"function_hash":"25215481322634118791199374119652475832"},"id":"CVE-2016-9538-3513d943","signature_version":"v1"},{"signature_type":"Line","source":"https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b","deprecated":false,"target":{"file":"tools/tiffcrop.c"},"digest":{"threshold":0.9,"line_hashes":["4554547364235472400140714772227915399","205201238539123249331084554844596075983","86997646026669217194474638551587156977","276891329001093315787708201183747013595","154985182039255178859484639612038353860","315557098165198227440073713090276890667","83623140861680678709870870961740857722","156060344822384567699523889949903679507","154382074816021957812503980734039757320","212894865834511974334163435159307395909"]},"id":"CVE-2016-9538-46c49515","signature_version":"v1"},{"signature_type":"Function","source":"https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b","deprecated":false,"target":{"file":"tools/tiffcrop.c","function":"readSeparateStripsIntoBuffer"},"digest":{"length":3496,"function_hash":"41023061713802383472646983725907848687"},"id":"CVE-2016-9538-638b4694","signature_version":"v1"}]}},{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libtiff/libtiff","events":[{"introduced":"5612707c086cda76319552a0a2afeddcfa67d1b3"},{"last_affected":"5612707c086cda76319552a0a2afeddcfa67d1b3"}],"database_specific":{"extracted_events":[{"introduced":"4.0.6"},{"last_affected":"4.0.6"}],"cpe":"cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["4.0.6","v4.0.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9538.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}