Heap-buffer-overflow in TetrahedralInterpFloat
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4686966764601344

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60c0000007b0
Crash State:
  TetrahedralInterpFloat
  EvaluateCLUTfloat
  _LUTevalFloat

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420535:420584

Minimized Testcase (0.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96VOrzoZkgpZxiMxG0I68uqDGheo5EvK-iCfRTy4M5qrQQyycTkK8fw_ud5LI6ttm6-Z26vzeL4qqakTVxle2ni9xkkN4TJt9m7OEz1z5ocsjEVbQRYZ7gSK8-PtrytJ8vXO74CyuK-Hb7psUVBaThgtXeEKg?testcase_id=4686966764601344

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 15 2016
I will report this issue to upstream.
Nov 15 2016

Nov 15 2016

Nov 15 2016

Nov 16 2016

Nov 18 2016
A friendly reminder that the M55 Stable launch is coming soon! Your bug is labelled as Stable ReleaseBlock, please make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you! Also, due to the Thanksgiving holidays in the US, please make sure the fix is ready and merged to M55 by 5:00 PM PT Wednesday, 11/23/16 at the latest (the sooner the better).
Nov 18 2016
Out of time for M55 unfortunately. I'm OK not blocking the release on this - moving to M56.
Nov 23 2016
Issue 668149 has been merged into this issue.
Nov 29 2016
kcwu: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 30 2016
FYI, two weeks ago I reported this issue to upstream and got a response that they plan to handle this issue in the next release.
Dec 9 2016

Dec 12 2016

Dec 14 2016
Dec 14 2016
kcwu: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 17 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/da587fab57602e5e10c058e6e632df513fba0c93

commit da587fab57602e5e10c058e6e632df513fba0c93
Author: kcwu <kcwu@chromium.org>
Date: Sat Dec 17 03:42:30 2016

lcms: Sanitize floating point read

This is partially backported from upstream https://github.com/mm2/Little-CMS/commit/4011a6e3

BUG= chromium:665054

Review-Url: https://codereview.chromium.org/2577963007

[add] https://crrev.com/da587fab57602e5e10c058e6e632df513fba0c93/third_party/lcms2-2.6/0015-sanitize-float-read.patch
[modify] https://crrev.com/da587fab57602e5e10c058e6e632df513fba0c93/third_party/lcms2-2.6/README.pdfium
[modify] https://crrev.com/da587fab57602e5e10c058e6e632df513fba0c93/third_party/lcms2-2.6/src/cmsplugin.c
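The commit above is titled "Sanitize floating point read" and touches cmsplugin.c. As an added illustration (this is not pdfium's or Little-CMS's code, and it is not the patch that landed), the C sketch below shows the two defensive checks such a fix combines from a parser's point of view: reject a float32 that is not finite, or absurdly large, at the moment it is decoded from the profile bytes, and clamp an interpolation coordinate before it is turned into a CLUT grid index. The names read_icc_float32, clut_cell_index and sample_reads_ok, the ICC_FLOAT_ABS_LIMIT bound, and the sample byte strings are all assumptions constructed for this example, not values taken from the ICC specification or from the fuzzer testcase.

```c
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Magnitude bound for a colour value. This constant is an assumption of
 * the example, not a value from the ICC specification. */
#define ICC_FLOAT_ABS_LIMIT 1e20f

/* Read one big-endian IEEE-754 float32 at *pos from an in-memory profile.
 * Returns false (and leaves *pos untouched) on a short buffer, NaN, +/-Inf,
 * or a magnitude beyond ICC_FLOAT_ABS_LIMIT, so nothing downstream ever
 * receives a value it cannot safely use as an interpolation coordinate. */
bool read_icc_float32(const uint8_t *buf, size_t len, size_t *pos, float *out)
{
    uint32_t bits;
    float v;

    if (buf == NULL || pos == NULL || out == NULL) return false;
    if (len < 4 || *pos > len - 4) return false;     /* bounds check on the input */

    bits = ((uint32_t)buf[*pos] << 24) | ((uint32_t)buf[*pos + 1] << 16) |
           ((uint32_t)buf[*pos + 2] << 8) | (uint32_t)buf[*pos + 3];
    memcpy(&v, &bits, sizeof v);                     /* reinterpret without UB */

    if (!isfinite(v)) return false;                  /* NaN or +/-Inf */
    if (v > ICC_FLOAT_ABS_LIMIT || v < -ICC_FLOAT_ABS_LIMIT) return false;

    *pos += 4;
    *out = v;
    return true;
}

/* Lower grid index of the CLUT cell that input x (nominally in [0,1]) falls
 * into, clamped so that both idx and idx+1, which a tetrahedral interpolator
 * reads, stay inside a grid of grid_points samples per axis. */
int clut_cell_index(float x, unsigned grid_points)
{
    int idx;

    if (grid_points < 2) return 0;
    if (!(x >= 0.0f)) x = 0.0f;   /* also catches NaN: NaN >= 0 is false */
    if (x > 1.0f) x = 1.0f;
    idx = (int)(x * (float)(grid_points - 1));
    if (idx > (int)grid_points - 2) idx = (int)grid_points - 2;
    return idx;
}

/* Constructed sample encodings (not from the ClusterFuzz testcase).
 * Returns 1 when every sample is accepted or rejected as expected. */
int sample_reads_ok(void)
{
    static const uint8_t one[4]  = {0x3F, 0x80, 0x00, 0x00}; /* 1.0f        */
    static const uint8_t qnan[4] = {0x7F, 0xC0, 0x00, 0x00}; /* quiet NaN   */
    static const uint8_t pinf[4] = {0x7F, 0x80, 0x00, 0x00}; /* +Inf        */
    static const uint8_t huge[4] = {0x7F, 0x00, 0x00, 0x00}; /* 2^127       */
    size_t pos;
    float v;

    pos = 0;
    if (!read_icc_float32(one, 4, &pos, &v) || v != 1.0f || pos != 4) return 0;
    pos = 0;
    if (read_icc_float32(qnan, 4, &pos, &v) || pos != 0) return 0;
    pos = 0;
    if (read_icc_float32(pinf, 4, &pos, &v)) return 0;
    pos = 0;
    if (read_icc_float32(huge, 4, &pos, &v)) return 0;
    pos = 2;                                  /* only two bytes left: short read */
    if (read_icc_float32(one, 4, &pos, &v)) return 0;
    return 1;
}

int main(void)
{
    printf("float reads: %s\n", sample_reads_ok() ? "all handled" : "MISMATCH");
    printf("cell index for NaN: %d, for 1e30: %d\n",
           clut_cell_index(NAN, 17), clut_cell_index(1e30f, 17));
    return 0;
}
```

The point of rejecting at read time rather than at use time is that a CLUT evaluator has many call sites; one check where the bytes enter the library covers them all, and the clamp in the interpolator is a second, independent line of defence for coordinates that arrive by other routes.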
Dec 17 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3495d05a73e8c5d4227bf0a053b415f190b0354e

commit 3495d05a73e8c5d4227bf0a053b415f190b0354e
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Sat Dec 17 05:36:25 2016

Roll src/third_party/pdfium/ d5b81ce57..da587fab5 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/d5b81ce57223..da587fab5760

$ git log d5b81ce57..da587fab5 --date=short --no-merges --format='%ad %ae %s'
2016-12-16 kcwu lcms: Sanitize floating point read

BUG= 665054

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2585983002
Cr-Commit-Position: refs/heads/master@{#439327}

[modify] https://crrev.com/3495d05a73e8c5d4227bf0a053b415f190b0354e/DEPS
Dec 17 2016
ClusterFuzz testcase 5976201475915776 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 17 2016

Dec 18 2016
ClusterFuzz has detected this issue as fixed in range 439312:439335.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4686966764601344

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60c0000007b0
Crash State:
  TetrahedralInterpFloat
  EvaluateCLUTfloat
  _LUTevalFloat

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420535:420584
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=439312:439335

Minimized Testcase (0.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96VOrzoZkgpZxiMxG0I68uqDGheo5EvK-iCfRTy4M5qrQQyycTkK8fw_ud5LI6ttm6-Z26vzeL4qqakTVxle2ni9xkkN4TJt9m7OEz1z5ocsjEVbQRYZ7gSK8-PtrytJ8vXO74CyuK-Hb7psUVBaThgtXeEKg?testcase_id=4686966764601344

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 13 2017

Jan 13 2017
This bug requires manual review: DEPS changes referenced in bugdroid comments. Please contact the milestone owner if you have questions.

Owners: amineer@(clank), cmasso@(bling), gkihumba@(cros), bustamante@(desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 17 2017
Approved for merge into M56
Jan 23 2017

Feb 14 2017

Feb 27 2017

Mar 6 2017

Mar 6 2017

Mar 16 2017

Mar 26 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 14 2017
ClusterFuzz testcase 5776305430986752 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Jul 14 2017
Uh testcase 5776305430986752 is not even the one corresponding to this bug?
Jul 14 2017
ClusterFuzz was not wrong; previously that testcase was attached to the duped bug 696106. Now I created a new bug - https://bugs.chromium.org/p/chromium/issues/detail?id=743162
Comment 1 by rickyz@chromium.org, Nov 14 2016
Owner: kcwu@chromium.org
Status: Assigned (was: Untriaged)