lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the
SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
(from redmine: issue id 9442, created on 2018-09-21, closed on 2018-11-08)
- child #9443
- child #9444
- child #9445
- child #9446
- child #9447