mirror of
https://github.com/motioneye-project/motioneyeos.git
synced 2025-04-19 21:07:17 +00:00
9f81f578eb
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. For more details, see: https://github.com/mm2/Little-CMS/issues/171 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435 The upstream fix unfortunately includes a number of unrelated changes, but thse files are not used when building for Linux. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>