A flaw was found in Little CMS (aka Little Color Management System) 2.9. An integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. References: https://github.com/mm2/Little-CMS/issues/171 Upstream Fix: https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
Created lcms2 tracking bugs for this issue: Affects: epel-6 [bug 1628972] Affects: fedora-all [bug 1628970] Created mingw-lcms2 tracking bugs for this issue: Affects: fedora-all [bug 1628971]
*** Bug 1640118 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3004
Statement: This issue affects the versions of lcms2 as shipped with Red Hat Enterprise Linux 7.