iccDEV Denial-of-Service Vulnerability via Infinite Loop in CalcProfileID Function

Vulnerability

A denial-of-service vulnerability has been identified in the iccDEV library, specifically in versions prior to 2.3.1.1. The issue arises from an infinite loop in the CalcProfileID function in IccProfile.cpp. The loop can be triggered by certain fuzzed XML files, causing the program to hang indefinitely while processing the data. The vulnerability has been addressed in version 2.3.1.2.

Impact

Exploitation of this vulnerability leads to an infinite loop, causing the application to hang and become unresponsive, which can disrupt normal operations and processing tasks.

Reproduction

The vulnerability can be reproduced by using the 'iccFromXML' function to process specific XML files that have been fuzzed to trigger the infinite loop. This can be done manually or through an automated script that reproduces the same conditions.

Remediation

Users can upgrade to version 2.3.1.2 or later to address this vulnerability.

Added: Jan 6, 2026, 1:17 AM
Updated: Jan 6, 2026, 1:17 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.7
remediation     7.7
relevance       1.9
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.