iccDEV Undefined Behavior and Out of Memory Vulnerability
Vulnerability
A vulnerability has been identified in the iccDEV library in versions prior to 2.3.1.1. It leads to undefined behavior and out-of-memory errors when processing ICC color profiles. The flaw is in the 'CIccTagText::Read' function: the size recorded for a text tag in the profile's tag table is not validated against the actual profile data before it is used to size an allocation, so a crafted tag size causes an excessive allocation and eventually memory exhaustion. The issue was found with libFuzzer, which reported both the out-of-memory condition and the undefined behavior triggered by loading invalid values for color signature types.
Impact
Any application that uses an affected iccDEV version to load ICC profiles it does not control can be made to exhaust memory or exhibit undefined behavior, resulting in a crash or other unpredictable behavior (a denial of service).
Reproduction
The vulnerability can be reproduced with the 'iccDumpProfile' tool included in the iccDEV library. Feeding it a crafted ICC profile whose tag table declares a 'text' tag with a size far larger than the profile itself exercises the unchecked size handling in 'CIccTagText::Read': the tool attempts to allocate the declared size and runs out of memory.
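The following is an added, self-contained C++ example written for this advisory; it is not iccDEV's code and does not reproduce the exact logic of 'CIccTagText::Read'. It builds a minimal constructed ICC profile with one 'cprt' tag of type 'text', shows the allocation a size-trusting reader would request when the tag-table size field is forged to 0xFFFFFFF0, and contrasts that with a hardened reader that checks the entry against the real file size before allocating. The 16 MiB cap (kMaxTagBytes) and all function names are assumptions for illustration, not values from the project.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Layout used here: 128-byte header, 4-byte tag count, 12-byte tag-table entries
// (signature, offset, size), then tag data. A 'text' tag's data is a 4-byte type
// signature 'text', 4 reserved bytes, then NUL-terminated text. Integers are big-endian.
static const size_t kHeaderSize = 128;
static const uint32_t kSigText = 0x74657874u;            // 'text'
static const uint32_t kSigCprt = 0x63707274u;            // 'cprt'
static const size_t kMaxTagBytes = 16u * 1024u * 1024u;  // assumed cap, not from iccDEV

static uint32_t be32(const uint8_t *p) {
  return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

static void put_be32(std::vector<uint8_t> &buf, size_t off, uint32_t v) {
  buf[off] = (uint8_t)(v >> 24); buf[off + 1] = (uint8_t)(v >> 16);
  buf[off + 2] = (uint8_t)(v >> 8); buf[off + 3] = (uint8_t)v;
}

struct TagEntry { uint32_t sig, offset, size; };

// Locate the first tag-table entry with the given signature; false if absent or truncated.
static bool find_tag(const std::vector<uint8_t> &p, uint32_t sig, TagEntry &e) {
  if (p.size() < kHeaderSize + 4) return false;
  uint32_t count = be32(&p[kHeaderSize]);
  for (uint32_t i = 0; i < count; i++) {
    size_t at = kHeaderSize + 4 + (size_t)i * 12;
    if (at + 12 > p.size()) return false;  // table runs past end of file
    TagEntry t = { be32(&p[at]), be32(&p[at + 4]), be32(&p[at + 8]) };
    if (t.sig == sig) { e = t; return true; }
  }
  return false;
}

// Bytes a reader that trusts the tag-table size would request for the text body
// (size minus the 8-byte type header, never compared to the file size). On the
// crafted profile below this is about 4 GiB. This helper only computes the figure.
static uint64_t naive_alloc_request(const TagEntry &e) {
  return e.size >= 8 ? (uint64_t)e.size - 8 : 0;
}

// Hardened read: validate the entry against the real file size before allocating.
// Returns false and leaves 'out' untouched on any inconsistency.
static bool read_text_tag(const std::vector<uint8_t> &p, const TagEntry &e, std::string &out) {
  const uint64_t file_size = p.size();
  const uint64_t end = (uint64_t)e.offset + e.size;   // 64-bit sum: cannot wrap like uint32
  if (e.size < 8) return false;                        // no room for type sig + reserved
  if (e.offset < kHeaderSize + 4) return false;        // data must not overlap the header
  if (end > file_size) return false;                   // claims bytes that do not exist
  if (e.size > kMaxTagBytes) return false;             // defence in depth against huge tags
  if (be32(&p[e.offset]) != kSigText) return false;    // wrong type for a text tag
  out.assign((const char *)&p[e.offset + 8], e.size - 8);
  size_t nul = out.find('\0');                         // trim at the terminator if present
  if (nul != std::string::npos) out.resize(nul);
  return true;
}

// Build a constructed profile holding one 'cprt' text tag. With lie_about_size set,
// the tag-table size field is forged to 0xFFFFFFF0 while the file itself stays tiny.
static std::vector<uint8_t> build_profile(const std::string &text, bool lie_about_size) {
  const size_t data_off = kHeaderSize + 4 + 12;
  std::vector<uint8_t> p(data_off + 8 + text.size() + 1, 0);
  put_be32(p, 0, (uint32_t)p.size());   // header: profile size
  put_be32(p, 36, 0x61637370u);         // header: 'acsp' magic
  put_be32(p, kHeaderSize, 1);          // tag count
  put_be32(p, kHeaderSize + 4, kSigCprt);
  put_be32(p, kHeaderSize + 8, (uint32_t)data_off);
  put_be32(p, kHeaderSize + 12, lie_about_size ? 0xFFFFFFF0u : (uint32_t)(8 + text.size() + 1));
  put_be32(p, data_off, kSigText);      // type signature, then 4 reserved zero bytes
  memcpy(&p[data_off + 8], text.data(), text.size());
  return p;
}

// True when the hardened reader accepts the benign profile (recovering the text),
// rejects the forged one, and the naive request for the forged one is ~4 GiB.
static bool demo() {
  TagEntry e;
  std::string s;
  std::vector<uint8_t> good = build_profile("Example", false);
  if (!find_tag(good, kSigCprt, e) || !read_text_tag(good, e, s) || s != "Example") return false;
  std::vector<uint8_t> bad = build_profile("Example", true);
  if (!find_tag(bad, kSigCprt, e)) return false;
  if (naive_alloc_request(e) != 0xFFFFFFE8ull) return false;
  if (read_text_tag(bad, e, s) || s != "Example") return false;
  return true;
}

int main() {
  printf("forged profile: naive request %llu bytes, hardened reader %s\n",
         (unsigned long long)naive_alloc_request(TagEntry{kSigCprt, 144, 0xFFFFFFF0u}),
         demo() ? "rejects it" : "FAILED");
  return demo() ? 0 : 1;
}
```

The essential check is the one against the file size, done in 64-bit so that offset plus size cannot wrap around; the cap on tag size is a secondary guard for profiles that are themselves large. A libFuzzer harness for this reader is a few lines: wrap the input bytes in a vector, call find_tag and read_text_tag, and let the sanitizer report any allocation above the malloc limit.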
Remediation
Users can upgrade to version 2.3.1.2 or later, where this vulnerability has been fixed.
