A flaw was found in Little CMS (aka Little Color Management System) 2.9. An integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Created lcms2 tracking bugs for this issue:
Affects: epel-6 [bug 1628972]
Affects: fedora-all [bug 1628970]
Created mingw-lcms2 tracking bugs for this issue:
Affects: fedora-all [bug 1628971]
*** Bug 1640118 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3004
This issue affects the versions of lcms2 as shipped with Red Hat Enterprise Linux 7.