Bug 1640118
| Summary: | chromium-browser: Heap buffer overflow in lcms in PDFium | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED DUPLICATE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | akarshan.biswas, mhroncok, tcallawa, tpopela, yaneti |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | chromium-browser 70.0.3538.67 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-24 13:13:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1640116 | ||
|
Description
Andrej Nemec
2018-10-17 11:33:19 UTC
Created chromium tracking bugs for this issue: Affects: epel-7 [bug 1640122] Affects: fedora-all [bug 1640121] (In reply to Andrej Nemec from comment #0) > https://crbug.com/872189 The upstream chromium bug is still not public, but using the bug id, the following commit in the chromium repo: https://chromium.googlesource.com/chromium/src/+/6486b858d8c49db25df193a817b808d4dcea1f75%5E%21/#F0 points us to the pdfium repo, which contains the following commit: https://pdfium.googlesource.com/pdfium.git/+/81a3c2408a1fb3e3cc4b06d659cce19157ee0a91%5E%21/#F1 which corresponds to the following LittleCMS / lcms upstream commit: https://github.com/mm2/Little-CMS/commit/768f70ca making this a duplicate of bug 1628969 / CVE-2018-16435. *** This bug has been marked as a duplicate of bug 1628969 *** |