Chrome PaintImage Deserialization Out-Of-Bounds Read

The code in cc::PaintImageReader::Read(cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data.


SHA-256 | 3442a632be9dec3260619421059a97062f1e5b5331769ad612a11a97ecf3ec9b

