[3.6] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the
SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
(from redmine: issue id 9446, created on 2018-09-21, closed on 2018-11-07)
- parent #9442 (closed)