iccDEV Undefined Behavior and Null Pointer Dereference Vulnerability in CIccProfileXml::ParseBasic() Allowing Denial-of-Service and Potential Code Execution

A vulnerability in the iccDEV library, affecting versions prior to 2.3.1.2, has been identified in the CIccProfileXml::ParseBasic() function. This vulnerability arises from a null pointer dereference and undefined behavior when user-controlled input is improperly integrated into ICC profile data or other structured binary blobs. Exploitation of this issue can lead to a denial-of-service condition, data manipulation, application logic bypass, and in some cases, arbitrary code execution.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a segmentation fault and a denial-of-service condition. However, in certain contexts, this vulnerability can be exploited to achieve arbitrary code execution when vulnerable native libraries process the malformed ICC profile.

Reproduction

The vulnerability can be reproduced by using a crafted ICC profile that exploits the null pointer dereference in the CIccProfileXml::ParseBasic() function. This can be done by uploading a profile with specific attributes that trigger the vulnerability, such as missing or improperly formatted data that the parser expects to be present.

Remediation

Users can update to iccDEV version 2.3.1.2 or later, where this vulnerability has been fixed.