iccDEV Undefined Behavior Vulnerability in CIccTagSparseMatrixArray Prior to 2.3.1.2

Vulnerability

A vulnerability has been identified in the iccDEV library, affecting versions prior to 2.3.1.2. The CIccTagSparseMatrixArray class passes a null pointer to the memcpy function, which is undefined behavior. The result is a runtime error when the library attempts to copy data into a null destination, which is not allowed.

Impact

Exploitation of this vulnerability leads to undefined behavior and a runtime error, because a null pointer is passed as an argument to the memcpy function. The error occurs in the CIccTagSparseMatrixArray class when the library processes ICC color profiles.

Reproduction

The vulnerability can be reproduced with an ICC file that triggers the null pointer dereference in the CIccTagSparseMatrixArray class. Such a file is a profile with zero size or zero channels, which the library does not properly validate before performing memory operations. Running the 'iccRoundTrip' command on the crafted ICC file exposes the undefined behavior: it produces a runtime error indicating that a null pointer was passed to memcpy.
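
The missing validation described above, as an added C++ example that is not iccDEV's code: `SparseArray` and the `sparse_*` functions are hypothetical stand-ins. It shows the unchecked copy beside a version that handles a zero-size or zero-channel array before memcpy is reached.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for a sparse-matrix array tag (not iccDEV's class).
struct SparseArray {
    uint32_t count = 0;           // number of matrices, read from the profile
    uint32_t bytesPerMatrix = 0;  // derived from the profile's channel count
    uint8_t *data = nullptr;      // stays null when either field is zero
};

// Release storage and return the array to the empty state.
void sparse_reset(SparseArray &a) {
    std::free(a.data);
    a = SparseArray{};
}

// Allocate zeroed storage; refuse zero or overflowing sizes.
bool sparse_alloc(SparseArray &a, uint32_t count, uint32_t bytesPerMatrix) {
    sparse_reset(a);
    if (count == 0 || bytesPerMatrix == 0) return false;
    if (count > SIZE_MAX / bytesPerMatrix) return false;
    a.data = static_cast<uint8_t *>(std::calloc(count, bytesPerMatrix));
    if (a.data == nullptr) return false;
    a.count = count;
    a.bytesPerMatrix = bytesPerMatrix;
    return true;
}

// Unchecked pattern: for an empty source both pointers are null, and passing
// a null pointer to memcpy is undefined behavior even with a length of zero.
void sparse_copy_unchecked(SparseArray &dst, const SparseArray &src) {
    std::memcpy(dst.data, src.data, size_t(src.count) * src.bytesPerMatrix);
}

// Checked pattern: an empty source yields an empty destination and memcpy is
// only reached with two valid, equally sized buffers.
bool sparse_copy(SparseArray &dst, const SparseArray &src) {
    if (&dst == &src) return true;
    if (src.data == nullptr || src.count == 0 || src.bytesPerMatrix == 0) {
        sparse_reset(dst);
        return true;
    }
    if (!sparse_alloc(dst, src.count, src.bytesPerMatrix)) return false;
    std::memcpy(dst.data, src.data, size_t(src.count) * src.bytesPerMatrix);
    return true;
}
```

Building parser code like this with `-fsanitize=undefined` makes the unchecked call report the null memcpy argument at runtime instead of passing silently.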

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been fixed.

Added: Jan 7, 2026, 7:20 PM
Updated: Jan 7, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.