lcms2: add upstream security fix for CVE-2018-16435
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. For more details, see: https://github.com/mm2/Little-CMS/issues/171 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435 The upstream fix unfortunately includes a number of unrelated changes, but thse files are not used when building for Linux. Signed-off-by:Peter Korsgaard <peter@korsgaard.com>
Loading
Please register or sign in to comment