ELA-40-1 lcms2 security update

heap-based buffer overflow

2018-09-18
Package: lcms2
Version: 2.2+git20110628-2.2+deb7u3
Related CVE: CVE-2018-16435

Little CMS (aka Little Color Management System) has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
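
The bug class described above is a size computation that wraps, followed by writes past the undersized buffer. The following is an added example, not lcms2's code: the table layout, the function names and the `MAX_DIM` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

#define MAX_DIM 0x7ffeu  /* assumed sanity cap per dimension (illustrative) */

/* Hypothetical table of string cells sized from two counts read from a file. */
typedef struct { uint32_t rows, cols; char **cells; } table_t;

/* Vulnerable pattern: 32-bit arithmetic wraps, so huge counts yield a tiny size. */
uint32_t unchecked_bytes(uint32_t n_samples, uint32_t n_patches)
{
    return (n_samples + 1u) * (n_patches + 1u) * (uint32_t)sizeof(char *);
}

/* Hardened: cap each count, multiply in 64 bits, confirm the result fits size_t.
   Returns 0 and stores the byte count, or -1 if the request must be refused. */
int checked_bytes(uint32_t n_samples, uint32_t n_patches, size_t *out)
{
    if (n_samples > MAX_DIM || n_patches > MAX_DIM) return -1;
    uint64_t total = ((uint64_t)n_samples + 1) * ((uint64_t)n_patches + 1)
                     * sizeof(char *);
    if (total > SIZE_MAX) return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate only after the size has been validated; record the dimensions. */
int table_alloc(table_t *t, uint32_t n_samples, uint32_t n_patches)
{
    size_t bytes;
    if (checked_bytes(n_samples, n_patches, &bytes) != 0) return -1;
    t->cells = calloc(1, bytes);
    if (t->cells == NULL) return -1;
    t->rows = n_patches + 1;
    t->cols = n_samples + 1;
    return 0;
}

/* The writer re-checks indices against the stored dimensions before writing. */
int table_set(table_t *t, uint32_t row, uint32_t col, char *val)
{
    if (t->cells == NULL || row >= t->rows || col >= t->cols) return -1;
    t->cells[(size_t)row * t->cols + col] = val;
    return 0;
}
```

With both counts set to 65535 the unchecked product is 2^32, which wraps to a zero-byte request, while the checked path refuses it before any allocation happens.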

For Debian 7 Wheezy, this problem has been fixed in version 2.2+git20110628-2.2+deb7u3.

We recommend that you upgrade your lcms2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/