A heap buffer overflow flaw was found in the Little CMS in PDFium component of the Chromium browser.
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1640122]
Affects: fedora-all [bug 1640121]
(In reply to Andrej Nemec from comment #0)
The upstream chromium bug is still not public, but using the bug id, the following commit in the chromium repo:
points us to the pdfium repo, which contains the following commit:
which corresponds to the following LittleCMS / lcms upstream commit:
making this a duplicate of bug 1628969 / CVE-2018-16435.
*** This bug has been marked as a duplicate of bug 1628969 ***