iccDEV Heap Buffer Overflow Vulnerability in ICC Profile Parsing Function Allowing Code Execution
Vulnerability
A heap buffer overflow vulnerability has been identified in the iccDEV library in versions prior to 2.3.1.2. The issue arises in the CIccTagXmlSegmentedCurve::ToXml() function, where user-controlled input is improperly integrated into ICC profile data or other structured binary blobs. The resulting memory corruption can lead to denial-of-service conditions, data manipulation, application logic bypass and, in some cases, arbitrary code execution when an affected native library handles the malformed ICC profile.
Impact
Exploitation of this vulnerability causes a heap buffer overflow and therefore memory corruption. This allows denial-of-service conditions and, in some contexts, arbitrary code execution when a vulnerable native library processes the malformed ICC profile.
Reproduction
The vulnerability can be reproduced by crafting an ICC profile whose user-controllable input exploits the improper data handling in the CIccTagXmlSegmentedCurve::ToXml() function. This can be done with the 'iccFromXml' command-line tool included with iccDEV and a specially crafted XML file that triggers the heap buffer overflow. AddressSanitizer can be used to verify the heap-buffer-overflow error.
Remediation
Users can update to iccDEV version 2.3.1.2 or later, where this vulnerability has been fixed.
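The two checks a responder needs from the Reproduction and Remediation sections above (does an AddressSanitizer report show a heap-buffer-overflow with CIccTagXmlSegmentedCurve::ToXml() near the top of the stack, and is a given iccDEV version at or past the fixed 2.3.1.2) can be scripted. The following Python is an added example, not part of this advisory and not iccDEV's own code. The embedded ASan report is constructed to mirror ASan's output format; its addresses, source file names and line numbers are placeholders, and only the ToXml function name comes from the advisory.

```python
import re

# Constructed sample of an AddressSanitizer report in the shape ASan prints.
# Not real iccDEV output: addresses, file names and line numbers are
# placeholders; the top frame mirrors the function named in the advisory.
SAMPLE_ASAN_REPORT = """\
==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000150 at pc 0x00000040a1b2 bp 0x7ffd3e1e9b20 sp 0x7ffd3e1e9b10
READ of size 4 at 0x602000000150 thread T0
    #0 0x40a1b1 in CIccTagXmlSegmentedCurve::ToXml(std::string&, std::string) IccTagXml.cpp:1
    #1 0x40b2c3 in CIccProfileXml::ToXml(std::string&) IccProfileXml.cpp:1
    #2 0x401234 in main iccFromXml.cpp:1
0x602000000150 is located 0 bytes to the right of 16-byte region [0x602000000140,0x602000000150)
"""

# "==<pid>==ERROR: AddressSanitizer: <error-kind> ..." is the report header.
ASAN_ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: ([a-z-]+)")
# Stack frame lines: "#<n> 0x<addr> in <symbol>(...)"; capture the symbol only.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+([^\s(]+)", re.MULTILINE)


def parse_asan_report(text):
    """Return (error_kind, [frame symbols]) or (None, []) when no ASan error is present."""
    header = ASAN_ERROR_RE.search(text)
    if not header:
        return None, []
    frames = [symbol for _, symbol in FRAME_RE.findall(text)]
    return header.group(1), frames


def matches_advisory(text, function="CIccTagXmlSegmentedCurve::ToXml", depth=3):
    """True when the report is a heap-buffer-overflow with the advisory's
    function within the top `depth` frames (the crash, not an unrelated one)."""
    kind, frames = parse_asan_report(text)
    return kind == "heap-buffer-overflow" and any(function in f for f in frames[:depth])


def parse_version(version):
    """'2.3.1.2' -> (2, 3, 1, 2); tuple comparison orders releases correctly."""
    return tuple(int(part) for part in version.strip().split("."))


def is_fixed(version, fixed="2.3.1.2"):
    """True when `version` is the fixed iccDEV release or later."""
    return parse_version(version) >= parse_version(fixed)


if __name__ == "__main__":
    # Feed stderr captured from an ASan build of iccFromXml via stdin,
    # or fall back to the constructed sample for a dry run.
    import sys
    report = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ASAN_REPORT
    kind, frames = parse_asan_report(report)
    print("ASan error kind:", kind)
    print("Top frames:", frames[:3])
    print("Matches this advisory:", matches_advisory(report))
    for v in ("2.3.1", "2.3.1.2", "2.3.2"):
        print(f"iccDEV {v}: {'fixed' if is_fixed(v) else 'VULNERABLE'}")
```

To use it against a real run, redirect the stderr of an ASan-instrumented iccFromXml to a file and pipe that file into the script. The frame-depth limit keeps a heap-buffer-overflow elsewhere in the library from being misattributed to this advisory; the version comparison treats a three-component version such as 2.3.1 as older than 2.3.1.2, which is the intended reading of "prior to 2.3.1.2".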