iccDEV NULL Pointer Dereference Vulnerability in CIccProfile::CheckTagTypes()

Vulnerability

A NULL pointer dereference vulnerability has been identified in the iccDEV library, specifically in versions prior to 2.3.1.2. This vulnerability occurs in the 'CIccProfile::CheckTagTypes()' function, where the code improperly handles NULL pointers, leading to potential crashes. The issue was discovered through fuzz testing with LibFuzzer, which revealed that certain malformed ICC color profiles could trigger the vulnerability. Users of the iccDEV library who process ICC color profiles are affected by this vulnerability.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash in the application. However, such crashes can often be exploited to execute arbitrary code under certain conditions.

Reproduction

The vulnerability can be reproduced by using the 'icc_profile_fuzzer' with an empty corpus, a maximum input length of 4096 bytes, and a seed value of 1337. This fuzzing configuration can be applied using the 'iccDEV Docker Image' available on GitHub.
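
The configuration above as a script, with a check that a resulting crash is this issue and not a different one. This is an added example, not part of the advisory or the iccDEV project; the binary path ./icc_profile_fuzzer, the scratch directory layout, an AddressSanitizer build of the harness, and the sample report are assumptions.

```shell
#!/bin/sh
# Added example, not iccDEV project code. Assumptions: the harness binary is
# ./icc_profile_fuzzer, built with AddressSanitizer so crashes are symbolized.

# Run the advisory's configuration: empty corpus, -max_len=4096, -seed=1337.
# $1 = scratch directory (hypothetical layout); the log lands in $1/fuzz.log.
run_fuzzer() {
    mkdir -p "$1/corpus" &&
    ./icc_profile_fuzzer -max_len=4096 -seed=1337 \
        -artifact_prefix="$1/crash-" "$1/corpus" >"$1/fuzz.log" 2>&1
}

# Classify a sanitizer log on stdin:
#   checktagtypes-null-deref  SEGV near address zero, CheckTagTypes on the stack
#   other-crash               any other AddressSanitizer error
#   clean                     no sanitizer error
classify_log() {
    awk '
        /ERROR: AddressSanitizer:/ { crash = 1 }
        # NULL plus a small member offset: all zeros, then at most 3 hex digits.
        /SEGV on unknown address 0x0+[0-9a-f]?[0-9a-f]?[0-9a-f]? / { nullseg = 1 }
        /^ *#[0-9]+ .* in CIccProfile::CheckTagTypes/ { frame = 1 }
        END {
            if (nullseg && frame) print "checktagtypes-null-deref"
            else if (crash)       print "other-crash"
            else                  print "clean"
        }'
}

# Constructed sample report (PID, addresses and source location are made up).
sample_log() {
    cat <<'EOF'
==4242==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000401234 bp 0x7ffc00000010 sp 0x7ffc00000000 T0)
==4242==The signal is caused by a READ memory access.
    #0 0x401234 in CIccProfile::CheckTagTypes(...) <source-file>:<line>
    #1 0x401999 in LLVMFuzzerTestOneInput <source-file>:<line>
EOF
}

sample_log | classify_log   # prints: checktagtypes-null-deref
```

After upgrading to 2.3.1.2, running run_fuzzer again and piping the new fuzz.log through classify_log should no longer report checktagtypes-null-deref.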

Remediation

Users can upgrade to iccDEV version 2.3.1.2, which includes the necessary patch to address this vulnerability.

Added: Jan 7, 2026, 7:13 PM
Updated: Jan 7, 2026, 7:13 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.