Mozilla Foundation Security Advisory 2015-98
Out of bounds read in QCMS library with ICC V4 profile attributes
- Announced
- September 22, 2015
- Reporter
- Felix Gröbert
- Impact
- Moderate
- Products
- Firefox, SeaMonkey
- Fixed in
-
- Firefox 41
- SeaMonkey 2.38
Description
Security researcher Felix Gröbert of Google discovered an out of
bounds read in the QCMS color management library while manipulating an image with specific
attributes in its ICC V4 profile. This causes a crash and could lead to information
disclosure.
References