Mozilla Foundation Security Advisory 2015-98

Out of bounds read in QCMS library with ICC V4 profile attributes

Announced
September 22, 2015
Reporter
Felix Gröbert
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 41
  • SeaMonkey 2.38

Description

Security researcher Felix Gröbert of Google discovered an out of bounds read in the QCMS color management library while manipulating an image with specific attributes in its ICC V4 profile. This causes a crash and could lead to information disclosure.

References