iccDEV Heap Buffer Overflow Vulnerability in ICC Profile Processing
Vulnerability
A heap buffer overflow vulnerability has been identified in the iccDEV library in versions prior to 2.3.1.2. The flaw lies in the 'CIccTagLut16::Validate()' function, which does not properly validate International Color Consortium (ICC) color profiles. It is triggered when the input or output curve counts of a Look-Up Table (LUT) do not align with the Profile Connection Space (PCS) and color space, leading to memory corruption.
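The consistency check that a LUT validator must perform before it walks the per-channel curve tables, shown as an added illustration written for this page (it is not iccDEV's code and does not reproduce its fix). Per the ICC specification, a lut16Type tag stores its number of input and output channels as single bytes in the tag header; a validator that trusts those bytes while indexing curve storage sized by the profile's color space and PCS can read or write past the buffer. The function names, the 'lut_direction' enum and the small signature-to-channel table below are assumptions made for the example; the sample headers are constructed.

```c
/*
 * Added illustration (not iccDEV code): derive the expected curve counts from
 * the profile's color-space signatures and reject any lut16Type header whose
 * declared input/output channel counts disagree, before any per-curve loop.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Four-character ICC signatures packed big-endian, as in the ICC spec. */
#define SIG(a, b, c, d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | \
                         (uint32_t)(c) << 8 | (uint32_t)(d))
#define SIG_XYZ  SIG('X', 'Y', 'Z', ' ')
#define SIG_LAB  SIG('L', 'a', 'b', ' ')
#define SIG_RGB  SIG('R', 'G', 'B', ' ')
#define SIG_GRAY SIG('G', 'R', 'A', 'Y')
#define SIG_CMYK SIG('C', 'M', 'Y', 'K')

/* Channel count implied by a color-space signature; 0 = not handled here
 * (assumption: the table is deliberately limited to a few common spaces). */
int channels_for_space(uint32_t sig)
{
    switch (sig) {
    case SIG_GRAY: return 1;
    case SIG_XYZ:
    case SIG_LAB:
    case SIG_RGB:  return 3;
    case SIG_CMYK: return 4;
    default:       return 0;
    }
}

/* Direction of the transform the tag describes (assumed naming for this example). */
enum lut_direction { LUT_DEVICE_TO_PCS, LUT_PCS_TO_DEVICE };

/*
 * Returns true only when the LUT header's declared curve counts equal the
 * channel counts of the profile's data color space and PCS for the given
 * direction. A validator should refuse to iterate over the curves otherwise.
 * in_curves/out_curves are the header bytes, passed as read from the file.
 */
bool lut16_curve_counts_consistent(uint8_t in_curves, uint8_t out_curves,
                                   uint32_t device_space, uint32_t pcs,
                                   enum lut_direction dir)
{
    int dev = channels_for_space(device_space);
    int pcs_ch = channels_for_space(pcs);
    if (dev == 0 || pcs_ch == 0)
        return false;                 /* unknown space: refuse rather than guess */

    int expect_in  = (dir == LUT_DEVICE_TO_PCS) ? dev : pcs_ch;
    int expect_out = (dir == LUT_DEVICE_TO_PCS) ? pcs_ch : dev;
    return in_curves == expect_in && out_curves == expect_out;
}

int main(void)
{
    /* Constructed headers: one consistent, one declaring far too many output curves. */
    printf("RGB->Lab, 3 in / 3 out:   %s\n",
           lut16_curve_counts_consistent(3, 3, SIG_RGB, SIG_LAB, LUT_DEVICE_TO_PCS)
               ? "valid" : "rejected");
    printf("RGB->Lab, 3 in / 200 out: %s\n",
           lut16_curve_counts_consistent(3, 200, SIG_RGB, SIG_LAB, LUT_DEVICE_TO_PCS)
               ? "valid" : "rejected");
    return 0;
}
```

The point of the design is ordering: the expected counts come from the profile header fields the parser has already validated, and the LUT tag's own byte fields are compared against them before they are ever used as loop bounds or array indices. A mismatch is a parse error, not a value to clamp.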
Impact
Exploitation of this vulnerability causes a heap buffer overflow, resulting in memory corruption that can potentially allow arbitrary code execution.
Reproduction
The vulnerability can be reproduced by using the 'iccDumpProfile' tool to process an ICC profile containing LUTs with mismatched curve counts, passing the profile file as an argument to the 'iccDumpProfile' command. When the tool is built with AddressSanitizer (ASan), it reports a heap-buffer-overflow error, indicating that the vulnerability has been triggered.
Remediation
Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been patched.