[3.8] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the
SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
(from redmine: issue id 9444, created on 2018-09-21, closed on 2018-11-08)
main/lcms2: security fix (CVE-2018-16435) Fixes #9444