iccDEV Type Confusion Vulnerability in ToXmlCurve Function Allows for Memory Corruption

Vulnerability

A type confusion vulnerability has been identified in the iccDEV library, specifically in versions prior to 2.3.1.2. The issue arises in the ToXmlCurve() function within the IccXML/IccLibXML/IccMpeXml.cpp file. This vulnerability allows for improper handling of International Color Consortium (ICC) color management profiles, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability causes a type confusion error, where an object is incorrectly downcast, leading to undefined behavior. This type of memory corruption can often be exploited to execute arbitrary code or cause a program to crash.
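
The downcast problem described above, shown as an added C++ illustration of the bug class; it is not iccDEV code or its patch. All class and function names are hypothetical, and the checked cast is one common mitigation, assumed here for illustration.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical class hierarchy for illustration; these are not iccDEV's types.
struct CurveSegment {
    virtual ~CurveSegment() = default;
};
struct SampledSegment : CurveSegment {
    std::vector<float> samples;
};
struct FormulaSegment : CurveSegment {
    float gamma = 1.0f;
};

// Unchecked pattern: static_cast trusts the caller's claim about the type.
// If seg actually points at a FormulaSegment, reading ->samples treats
// unrelated memory as a std::vector, which is undefined behaviour.
std::size_t sampleCountUnchecked(const CurveSegment* seg) {
    return static_cast<const SampledSegment*>(seg)->samples.size();
}

// Checked pattern: dynamic_cast consults the object's real dynamic type and
// yields nullptr on a mismatch (or a null input), so the serializer can
// refuse the element and leave the output untouched.
bool sampledToXml(const CurveSegment* seg, std::string& xml) {
    const auto* sampled = dynamic_cast<const SampledSegment*>(seg);
    if (sampled == nullptr) return false;  // wrong type: do not read fields
    std::ostringstream out;
    out << "<SampledSegment count=\"" << sampled->samples.size() << "\">";
    for (float v : sampled->samples) out << ' ' << v;
    out << " </SampledSegment>";
    xml = out.str();
    return true;
}

int main() {
    SampledSegment s;              // constructed sample input
    s.samples = {0.0f, 0.5f, 1.0f};
    FormulaSegment f;              // the "wrong" type for this serializer
    std::string xml;
    return (sampledToXml(&s, xml) && !sampledToXml(&f, xml)) ? 0 : 1;
}
```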

Reproduction

The vulnerability can be reproduced by using the 'iccFromXml' command to convert an ICC profile into an XML representation, followed by the 'iccToXml' command to convert it back. This process triggers the type confusion in the ToXmlCurve() function, as the XML conversion does not correctly handle the object types, leading to a runtime error.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been patched.

Added: Jan 7, 2026, 10:20 PM
Updated: Jan 7, 2026, 10:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 7.7
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.