iccDEV Undefined Behavior Vulnerability in Enum Handling When Processing ICC Profiles

Vulnerability

A vulnerability in iccDEV prior to version 2.3.1.2 causes undefined behavior when the library processes ICC color profiles. The issue stems from an invalid value for the 'icMaterialColorSignature' enum, which can lead to improper handling of color profile data. It is particularly relevant for users of the wxProfileDump tool, which may encounter runtime errors when processing profiles with malformed or malicious material color signature values.

Impact

Exploitation of this vulnerability can cause undefined behavior, leading to runtime errors and potential crashes when the affected tool or library processes invalid ICC profile data.

Reproduction

The vulnerability can be reproduced by using the wxProfileDump tool to open an ICC profile file that contains invalid material color signature values. This will trigger runtime errors related to the undefined behavior caused by the invalid enum values.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later to address this vulnerability.
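
The class of defect described above, as an added example that is not iccDEV's code or its fix: a signature read from untrusted profile bytes is kept as a plain integer and converted to the enum type only after it matches a known enumerator. The enum `MaterialSig`, its values, and the helper names are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in enum: names and values are constructed for this
// example and are NOT iccDEV's icMaterialColorSignature definitions.
enum MaterialSig {
    kSigAlpha = 0x6D630001,
    kSigBeta  = 0x6D630002,
    kSigGamma = 0x6D630003
};

constexpr MaterialSig kKnownSigs[] = {kSigAlpha, kSigBeta, kSigGamma};

// Read a big-endian 32-bit field (the byte order ICC profiles use) with a
// bounds check, keeping the result as a plain integer.
bool readU32BE(const unsigned char* buf, std::size_t len, std::size_t off,
               std::uint32_t* out) {
    if (buf == nullptr || off > len || len - off < 4) return false;
    *out = (std::uint32_t(buf[off]) << 24) | (std::uint32_t(buf[off + 1]) << 16) |
           (std::uint32_t(buf[off + 2]) << 8) | std::uint32_t(buf[off + 3]);
    return true;
}

// Convert to the enum only after the raw value matches a known enumerator.
// Casting an unchecked file value straight to an enum without a fixed
// underlying type is the risky pattern: out-of-range values are undefined.
bool parseMaterialSig(const unsigned char* buf, std::size_t len, std::size_t off,
                      MaterialSig* out) {
    std::uint32_t raw = 0;
    if (!readU32BE(buf, len, off, &raw)) return false;
    for (MaterialSig known : kKnownSigs) {
        if (static_cast<std::uint32_t>(known) == raw) {
            *out = known;
            return true;
        }
    }
    return false;  // unknown signature: reject, leave *out untouched
}

int main() {
    // Constructed sample field: four 0xFF bytes, not a known signature.
    const unsigned char field[] = {0xFF, 0xFF, 0xFF, 0xFF};
    MaterialSig sig = kSigAlpha;
    bool ok = parseMaterialSig(field, sizeof field, 0, &sig);
    std::printf("accepted=%d\n", ok ? 1 : 0);
    return 0;
}
```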

Added: Jan 7, 2026, 7:18 PM
Updated: Jan 7, 2026, 7:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 5.8
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.