OS-level color management systems are certainly a possible attack surface, but this has already been probed and cleaned up over the last decade or so from fuzzing image decoders. The ICC profiles used in CSS Color 4 as the same as those embedded in raster images or PDFs. See for example https://www.real-sec.com/2020/09/fuzzing-image-parsing-in-windows-part-one-color-profiles/ -- GitHub Notification of comment by svgeesus Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5552#issuecomment-700675258 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Tuesday, 29 September 2020 12:40:35 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:17 UTC