iccDEV Heap Buffer Over-Read Vulnerability in ICC Profile Parsing
Vulnerability
A heap buffer over-read has been identified in the iccDEV library in versions prior to 2.3.1.2. While parsing an ICC profile, the library calls strlen() on a buffer taken from the profile that is not guaranteed to be null-terminated; strlen() then keeps reading past the end of that buffer until it happens to find a zero byte, which can disclose the heap memory that follows the buffer and can terminate the application. Anyone who processes ICC color profiles from untrusted sources is affected, because the attacker controls the profile's tag table, tag offsets and tag size fields and can arrange for a string to end without a terminator. Beyond the over-read itself, such a manipulated profile may trigger parsing errors or memory corruption in downstream image-processing libraries, bypass application logic that relies on profile metadata, and cause a denial of service; in some contexts, where other vulnerable native libraries go on to process the malformed profile, this could extend to arbitrary code execution.
Impact
A crafted profile triggers a heap buffer over-read in the parser. The direct consequences are disclosure of heap memory contents (whatever lies beyond the unterminated string) and termination of the application; in certain contexts, where the malformed profile is handed on to other vulnerable native libraries, it can contribute to arbitrary code execution.
Reproduction
The vulnerability can be reproduced by processing an ICC profile in which a string field is not null-terminated, for example a text-type tag whose declared size runs out before any zero byte. The 'iccFromXml' tool included with the iccDEV library parses the profile and triggers the over-read when it calls strlen() on the unterminated string. Building the library and tool with AddressSanitizer (-fsanitize=address) turns the over-read into a deterministic heap-buffer-overflow read report at the strlen() call, which is more reliable than waiting for a crash: a stray zero byte shortly after the buffer will often mask the bug in a normal build.
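The mechanism described in the Vulnerability and Reproduction sections above (a parser calling strlen() on a profile string whose declared tag size contains no terminator, and a profile built to trigger it), shown as an added example that is not iccDEV's code and not the page's reproduction steps: a minimal C walker over an ICC tag table with the trusting strlen() pattern next to a bounded check. The tag layout (128-byte header, 4-byte tag count, 12-byte entries of signature/offset/size, 'text' type tags with a 4-byte type signature and 4 reserved bytes before the ASCII payload) follows the ICC format; the sample profile, the private 'xmpl' tag and all function names are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICC_HEADER_LEN 128u
#define TAG_ENTRY_LEN  12u
#define TAG_COUNT      2u
#define TAG_DATA       (ICC_HEADER_LEN + 4u + TAG_COUNT * TAG_ENTRY_LEN) /* 156: first tag's offset */
#define TAG_SIZE       16u                                                /* 8-byte header + 8-byte payload */
#define PROFILE_LEN    (TAG_DATA + TAG_COUNT * TAG_SIZE)                  /* 188 bytes in total */

enum tag_status { TAG_OK = 0, TAG_OUT_OF_BOUNDS, TAG_NOT_TEXT, TAG_UNTERMINATED };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Vulnerable pattern: the payload of a 'text' tag (type sig + 4 reserved bytes, then ASCII)
 * is assumed to be NUL-terminated. strlen() ignores the declared tag size and keeps reading
 * until it finds a zero byte, which may lie in the next tag or beyond the heap allocation. */
static size_t text_len_trusting(const uint8_t *profile, uint32_t offset) {
    return strlen((const char *)profile + offset + 8);
}

/* Hardened pattern: check that the tag lies inside the buffer, is a 'text' tag, and contains a
 * NUL within its declared size. Nothing is read outside [profile, profile + profile_len). */
static enum tag_status text_len_bounded(const uint8_t *profile, size_t profile_len,
                                        uint32_t offset, uint32_t size, size_t *out_len) {
    if (offset > profile_len || size > profile_len - offset || size < 8) return TAG_OUT_OF_BOUNDS;
    const uint8_t *tag = profile + offset;
    if (memcmp(tag, "text", 4) != 0) return TAG_NOT_TEXT;
    const uint8_t *payload = tag + 8;
    const uint8_t *nul = memchr(payload, 0, size - 8);   /* bounded by the tag, never by luck */
    if (nul == NULL) return TAG_UNTERMINATED;            /* reject instead of calling strlen() */
    *out_len = (size_t)(nul - payload);
    return TAG_OK;
}

/* Walk the tag table with the same bounds discipline. Returns the number of tags that fail
 * validation, or -1 if the header or the tag table itself does not fit in the buffer. */
static int count_bad_text_tags(const uint8_t *profile, size_t profile_len) {
    if (profile_len < ICC_HEADER_LEN + 4) return -1;
    uint32_t count = be32(profile + ICC_HEADER_LEN);
    if (count > (profile_len - ICC_HEADER_LEN - 4) / TAG_ENTRY_LEN) return -1;
    int bad = 0;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = profile + ICC_HEADER_LEN + 4 + i * TAG_ENTRY_LEN;
        size_t len;
        enum tag_status st = text_len_bounded(profile, profile_len, be32(e + 4), be32(e + 8), &len);
        if (st == TAG_OUT_OF_BOUNDS || st == TAG_UNTERMINATED) bad++;
    }
    return bad;
}

/* Constructed sample profile (not a real-world file): a zeroed 128-byte header carrying only the
 * size and 'acsp' signature, a two-entry tag table, a 'cprt' text tag whose 8-byte payload has
 * no NUL at all, and a well-formed private 'xmpl' text tag directly behind it. */
static size_t build_profile(uint8_t *buf) {
    memset(buf, 0, PROFILE_LEN);
    put_be32(buf, PROFILE_LEN);
    memcpy(buf + 36, "acsp", 4);
    put_be32(buf + ICC_HEADER_LEN, TAG_COUNT);
    uint8_t *e = buf + ICC_HEADER_LEN + 4;
    memcpy(e, "cprt", 4);      put_be32(e + 4, TAG_DATA);             put_be32(e + 8, TAG_SIZE);
    memcpy(e + 12, "xmpl", 4); put_be32(e + 16, TAG_DATA + TAG_SIZE); put_be32(e + 20, TAG_SIZE);
    uint8_t *t1 = buf + TAG_DATA;
    memcpy(t1, "text", 4); memcpy(t1 + 8, "ABCDEFGH", 8);   /* fills the payload, no terminator */
    uint8_t *t2 = t1 + TAG_SIZE;
    memcpy(t2, "text", 4); memcpy(t2 + 8, "ok", 3);          /* "ok" plus NUL, rest stays zero */
    return PROFILE_LEN;
}

int main(void) {
    uint8_t profile[PROFILE_LEN];
    size_t len = build_profile(profile);
    /* Here the first zero byte sits in the next tag's reserved bytes, so the over-read stays
     * inside the array; with the tag at the end of a heap buffer it would run off the end. */
    size_t n = text_len_trusting(profile, TAG_DATA);
    printf("strlen() reports %zu bytes for an 8-byte payload (4 bytes of the next tag leaked)\n", n);
    size_t ok_len = 0;
    enum tag_status st = text_len_bounded(profile, len, TAG_DATA, TAG_SIZE, &ok_len);
    printf("bounded check on the same tag: status %d (3 = unterminated, rejected)\n", (int)st);
    printf("tags failing validation in this profile: %d\n", count_bad_text_tags(profile, len));
    return 0;
}
```

The sample deliberately keeps the unterminated tag inside the array so the trusting call can be run safely; to watch the real heap over-read, malloc() exactly PROFILE_LEN bytes, make the unterminated tag the last one in the buffer, and build with -fsanitize=address, which reports a heap-buffer-overflow read inside strlen(). The bounded version never needs the sanitizer to be safe: it bounds the search by the tag's declared size and rejects the tag when no terminator is present, which is the behaviour a parser should have instead of trusting the file.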
Remediation
Upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been fixed. Applications that statically link or vendor the library must be rebuilt against the fixed version; until that is done, treat ICC profiles from untrusted sources as hostile input.
