Ubuntu Security Notice 652-1 - Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges.
8356283a00a6c079cc16db3dc7a76af22067536f991ab0a4ef9e2f9964f1083d