iccDEV Type Confusion Vulnerability in EvaluateProfile Function Allows for Memory Corruption
Vulnerability
A type confusion vulnerability has been identified in the iccDEV library, specifically in versions prior to 2.3.1.2. The issue arises in the 'icStatusCMM::CIccEvalCompare::EvaluateProfile()' function, where improper handling of International Color Consortium (ICC) color profiles can lead to memory corruption. This vulnerability affects users who process ICC color profiles using the iccDEV library.
Impact
Exploitation of this vulnerability causes a type confusion: an object's memory address is incorrectly downcast to a type the object does not have, producing a runtime error. The resulting memory mismanagement is undefined behavior and can manifest as a heap-buffer-overflow, a common form of memory corruption.
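As an added illustration, not iccDEV's code (the tag classes, helper and evaluator names below are hypothetical and constructed), the unchecked downcast pattern behind this kind of type confusion next to the checked form a defender would expect:

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Hypothetical, simplified tag hierarchy constructed for illustration;
// these are not iccDEV's classes.
struct Tag {
    virtual ~Tag() = default;
};

struct CurveTag : Tag {
    explicit CurveTag(std::vector<float> p) : points(std::move(p)) {}
    std::vector<float> points;   // payload only a CurveTag carries
};

struct TextTag : Tag {
    explicit TextTag(std::string s) : text(std::move(s)) {}
    std::string text;            // unrelated payload of a different tag type
};

// Constructed helpers: a parser would hand tags out through the base pointer,
// so the evaluator cannot see the dynamic type statically.
std::unique_ptr<Tag> makeCurve(std::vector<float> pts) {
    return std::make_unique<CurveTag>(std::move(pts));
}
std::unique_ptr<Tag> makeText(std::string s) {
    return std::make_unique<TextTag>(std::move(s));
}

// Unchecked downcast: the evaluator assumes the tag is a CurveTag. If a crafted
// profile supplied a TextTag instead, reading `points` is a type confusion
// (undefined behaviour, typically reported as a heap-buffer-overflow under ASan).
float evalUnchecked(Tag* t, std::size_t i) {
    auto* c = static_cast<CurveTag*>(t);   // no runtime type check
    return c->points[i];
}

// Checked form: dynamic_cast yields nullptr when the dynamic type does not match,
// and the index is bounds-checked before any read.
bool evalChecked(Tag* t, std::size_t i, float& out) {
    auto* c = dynamic_cast<CurveTag*>(t);
    if (c == nullptr || i >= c->points.size()) return false;
    out = c->points[i];
    return true;
}
```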
Reproduction
The vulnerability can be reproduced by processing a specific ICC profile that triggers the faulty downcast in the 'EvaluateProfile' function, using the 'iccRoundTrip' tool included in the iccDEV package after building the application with AddressSanitizer enabled. The 'PCC/Lab_float-D50_2deg.icc' profile demonstrates the issue: processing it causes the application to incorrectly downcast an object and mismanage memory, leading to a runtime error.
Remediation
Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been patched.
