aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-12T15:40:14Z

[3.7] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9445
2019-07-12T15:40:14Z
Alicha CH

A flaw was found in Little CMS (aka Little Color Management System) 2.9. An integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
### References:
https://github.com/mm2/Little-CMS/issues/171
https://nvd.nist.gov/vuln/detail/CVE-2018-16435
### Patch:
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
*(from redmine: issue id 9445, created on 2018-09-21, closed on 2018-11-07)*
* Relations:
* parent #9442

3.7.2
Natanael Copa

[3.7] vlc: type conversion vulnerability (CVE-2017-17670)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/8315
2019-07-12T15:31:29Z
Alicha CH

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
### References:
http://www.openwall.com/lists/oss-security/2017/12/15/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17670
*(from redmine: issue id 8315, created on 2017-12-18, closed on 2018-09-20)*
* Relations:
* parent #8313

3.7.2
Natanael Copa