Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
{ "vanir_signatures": [ { "signature_type": "Function", "signature_version": "v1", "source": "https://github.com/mm2/little-cms/commit/768f70ca405cd3159d990e962d54456773bb8cf8", "deprecated": false, "id": "CVE-2018-16435-145ab397", "target": { "file": "src/cmscgats.c", "function": "AllocateDataSet" }, "digest": { "length": 495.0, "function_hash": "289413441468416616139089740172043071606" } }, { "signature_type": "Line", "signature_version": "v1", "source": "https://github.com/mm2/little-cms/commit/768f70ca405cd3159d990e962d54456773bb8cf8", "deprecated": false, "id": "CVE-2018-16435-8ca9d527", "target": { "file": "src/cmscgats.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "64461819997124482979106334286118280424", "215041857296242105574815240746909299689", "75106329927921068269574548044125513763", "268625472409093130820740598677676587993", "267438632354151732730819967558379999806", "163551188216957160249149735703588185421", "131517083498262472784063732309604051117" ] } } ] }