| Bug ID | 1021364 |
|---|---|
| Summary | VUL-0: lcms2: heap OOB read parsing crafted ICC profile |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Ref: http://seclists.org/oss-sec/2017/q1/168 ================================================== Originally disclosed on this list in August by Ibrahim El-Sayed, but the CVE request was unclear so I guess it got lost: http://seclists.org/oss-sec/2016/q3/288 An out-of-bounds heap read in lcms2 ("Little Colour Management System"), in the function Type_MLU_Read in cmstypes.c. This could be triggered by an untrusted image with a crafted ICC profile. Fixed in commit: https://github.com/mm2/Little-CMS/commit/5ca71a7b lcms2 is fairly bundled in various OpenJDK releases, so distributions should check carefully whether they use bundled versions, and if so, whether those have picked up the patch. Some more information at Red Hat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1367357 ==================================================