Chrome PaintImage Deserialization Out-Of-Bounds Read

The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data.