iccDEV Heap Buffer Overflow Vulnerability in CIccMpeCalculator Allowing Code Execution
Vulnerability
A heap buffer overflow has been identified in iccDEV versions through 2.3.1.1, in the CIccMpeCalculator::Read() function, which parses the calculator multi-processing element (MPE) of an iccMAX profile. Read() takes a subelement count from the profile data and uses it to fill a heap-allocated buffer without confirming that the count fits the allocation, so a crafted profile can write past the end of the buffer. The result is memory corruption inside whatever process parses the profile: at minimum a crash (denial of service), and potentially arbitrary code execution, since the overwritten heap data may later be used by the library or by other native code in the same process.
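To make the bug class concrete, the following is an added illustration written for this page; it is not iccDEV's own code and does not reproduce CIccMpeCalculator's real wire format. It shows a hypothetical subelement reader that sizes its heap array from one field and lets a second, attacker-controlled count drive the write loop, next to a hardened reader that validates the count against both the allocation and the bytes remaining before it touches memory. The element layout, the field names, the function names and the kMaxSubElems cap are all assumptions chosen for the illustration, and the test inputs are constructed in the block itself.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical element layout (big-endian, as ICC data is). This is NOT
// iccDEV's real CIccMpeCalculator encoding, only enough structure to show
// the bug class:
//   uint32 capacity   - number of subelement slots the element declares
//   uint32 count      - number of subelements that follow
//   count * 8 bytes   - each subelement: uint32 type, uint32 value
struct SubElem { uint32_t type; uint32_t value; };

static const uint32_t kMaxSubElems = 65536;  // assumed sanity cap for this illustration

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

// VULNERABLE pattern: the heap array is sized from one field, then a second,
// attacker-controlled field drives the write loop. count > capacity writes past
// the end of elems' heap buffer; a short blob also reads past buf + len.
static std::vector<SubElem> readUnchecked(const uint8_t *buf, size_t len) {
    (void)len;  // never consulted: that is the bug
    uint32_t capacity = be32(buf);
    uint32_t count = be32(buf + 4);
    std::vector<SubElem> elems(capacity);
    const uint8_t *p = buf + 8;
    for (uint32_t i = 0; i < count; ++i) {
        elems[i].type = be32(p);       // heap overflow once i >= capacity
        elems[i].value = be32(p + 4);
        p += 8;
    }
    return elems;
}

// HARDENED pattern: every length-like field is validated against both the
// allocation and the bytes remaining before any memory is touched. Returns
// false (and leaves out empty) on any inconsistency instead of trusting the blob.
static bool readChecked(const uint8_t *buf, size_t len, std::vector<SubElem> &out) {
    out.clear();
    if (len < 8) return false;                       // header itself is incomplete
    uint32_t capacity = be32(buf);
    uint32_t count = be32(buf + 4);
    if (capacity > kMaxSubElems) return false;       // refuse absurd allocations (DoS)
    if (count > capacity) return false;              // the overflow condition
    if ((len - 8) / 8 < count) return false;         // blob shorter than it claims
    out.reserve(count);
    const uint8_t *p = buf + 8;
    for (uint32_t i = 0; i < count; ++i, p += 8)
        out.push_back(SubElem{be32(p), be32(p + 4)});
    return true;
}

// Constructed test input: bodyEntries may differ from count, so a blob can
// claim more subelements than it really carries.
static std::vector<uint8_t> buildBlob(uint32_t capacity, uint32_t count, uint32_t bodyEntries) {
    std::vector<uint8_t> b;
    auto put = [&](uint32_t v) {
        for (int s = 24; s >= 0; s -= 8) b.push_back(static_cast<uint8_t>(v >> s));
    };
    put(capacity);
    put(count);
    for (uint32_t i = 0; i < bodyEntries; ++i) { put(0x1000 + i); put(i * 7); }
    return b;
}

int main() {
    std::vector<SubElem> out;
    std::vector<uint8_t> benign = buildBlob(4, 4, 4);       // consistent header and body
    std::vector<uint8_t> overflow = buildBlob(4, 8, 8);     // count exceeds declared capacity
    std::vector<uint8_t> truncated = buildBlob(8, 8, 2);    // claims 8 entries, carries 2
    std::printf("benign    -> %s (%zu elems)\n",
                readChecked(benign.data(), benign.size(), out) ? "ok" : "rejected", out.size());
    std::printf("overflow  -> %s\n",
                readChecked(overflow.data(), overflow.size(), out) ? "ok" : "rejected");
    std::printf("truncated -> %s\n",
                readChecked(truncated.data(), truncated.size(), out) ? "ok" : "rejected");
    // readUnchecked(overflow, ...) is deliberately not called: it would corrupt the heap.
    return 0;
}
```

The hardened reader rejects the two malformed blobs up front; the unchecked reader is only ever run on the consistent one, because running it on the oversized count is exactly the heap write the advisory describes. Compiling the block with `-fsanitize=address` and calling readUnchecked on the overflow blob is the quickest way to see that write reported.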
Impact
Exploitation causes a heap buffer overflow and memory corruption in the process that loads the profile. Because iccDEV is a library, every application that links it and parses untrusted ICC profiles (for example profiles embedded in images or documents) inherits the flaw. The reliable outcome is a crash; arbitrary code execution is possible but depends on the heap layout at the time of the overflow and on the platform's exploit mitigations.
Reproduction
The issue can be reproduced with a crafted ICC profile whose calculator element declares a subelement count larger than the buffer CIccMpeCalculator::Read() allocates for it. Feeding that profile to the iccToXml tool shipped with iccDEV, which parses a profile and dumps it as XML, drives the vulnerable Read() path and triggers the overflow. Building the tool with AddressSanitizer makes the out-of-bounds write show up as a heap-buffer-overflow report rather than as silent corruption or an intermittent crash.
Remediation
Update to iccDEV version 2.3.1.2 or later, where this issue has been fixed. Applications that bundle or statically link iccDEV must be rebuilt against the fixed version; until then, avoid parsing ICC profiles from untrusted sources with affected builds.
