iccDEV NULL Pointer Dereference Vulnerability in Signature Parser

Vulnerability

A NULL pointer dereference vulnerability has been identified in the iccDEV library, which is used for managing ICC color profiles. This issue arises in versions prior to 2.3.1.2, where the signature parser does not properly validate input, leading to a potential segmentation fault. The vulnerability was introduced in the initial implementation of the 'icGetSigVal' function, which processes signature data from ICC profiles. Exploitation of this vulnerability requires the library to be used in a context where ICC profiles are being parsed, and it can be triggered by providing a malformed XML file that the parser attempts to process.

Impact

Exploitation of this vulnerability causes a segmentation fault that terminates the program using the iccDEV library. The fault occurs when the program tries to read memory it is not allowed to access, in this case the zero page.

Reproduction

The vulnerability can be reproduced with the 'iccFromXml' command-line tool included in the iccDEV distribution. When the tool processes an XML file that contains an invalid signature reference, the NULL pointer dereference is triggered. AddressSanitizer, a memory error detector, can be used to verify that the segmentation fault results from this vulnerability.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been fixed. The issue was addressed by adding a NULL check in the 'icGetSigVal' function to ensure that invalid input does not lead to a segmentation fault.
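
The kind of NULL check described above, as an added example that is not iccDEV's code. The names find_attr and parse_sig are hypothetical, the attribute table is constructed input, and the assumption is that a missing signature attribute reaches the parser as a NULL string.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for one parsed XML element's attributes. */
struct attr { const char *name; const char *value; };

/* Hypothetical lookup: returns NULL when the attribute is absent, the value
 * an unguarded signature parser would go on to dereference. */
static const char *find_attr(const struct attr *a, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(a[i].name, name) == 0)
            return a[i].value;
    return NULL;
}

/* Hypothetical helper, not iccDEV's icGetSigVal: packs 1..4 characters into a
 * big-endian 32-bit signature, space-padding short input.
 * Returns 0 on success, -1 on NULL, empty or overlong text. */
static int parse_sig(const char *text, uint32_t *out)
{
    if (text == NULL || out == NULL)      /* the NULL check */
        return -1;
    size_t len = 0;
    while (len < 5 && text[len] != '\0')  /* bounded length scan */
        len++;
    if (len == 0 || len > 4)
        return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < 4; i++)
        v = (v << 8) | (i < len ? (unsigned char)text[i] : (unsigned char)' ');
    *out = v;
    return 0;
}

int main(void)
{
    const struct attr elem[] = { { "name", "red" } };   /* no "sig" attribute */
    uint32_t sig = 0;
    int rc = parse_sig(find_attr(elem, 1, "sig"), &sig);
    printf("missing sig attribute -> rc=%d\n", rc);
    return rc == -1 ? 0 : 1;
}
```

The caller gets an error code for the malformed element and can reject the file instead of crashing.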

Added: Jan 7, 2026, 7:28 PM
Updated: Jan 7, 2026, 7:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.