iccDEV Undefined Behavior Vulnerability in ICC Profile XML Parsing Leading to Memory Corruption and Arbitrary Code Execution

Vulnerability

A vulnerability exists in the iccDEV library, specifically in versions prior to 2.3.1.2, where floating-point NaN values are improperly converted to unsigned short integers during the parsing of ICC profile XML. This conversion error can cause memory corruption, creating an opportunity for arbitrary code execution. The issue is categorized as an ICC Profile Injection vulnerability, which arises when user-controlled input is unsafely incorporated into ICC profile data or other structured binary blobs.
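The check that makes this kind of conversion well defined, shown as an added example; it is not iccDEV code and not the project's fix. The helper names and the use of strtod as the number parser are assumptions, and the sample tokens are constructed.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>

// Hypothetical helper, not an iccDEV function. Writes `out` and returns true
// only when the double-to-uint16_t cast has defined behavior.
bool checked_u16(double v, std::uint16_t& out) {
    // NaN compares false against everything, so a plain range check written
    // as "v < 0 || v > 65535" would let it through. Test it explicitly.
    if (std::isnan(v)) return false;
    // Also rejects +/-infinity and any finite value outside the target range.
    if (v < 0.0 || v > 65535.0) return false;
    out = static_cast<std::uint16_t>(v);  // defined: truncated value fits
    return true;
}

// Parse one text token, as it might appear in XML element content.
// Assumption: strtod stands in for whatever number parser the caller uses.
bool parse_u16_token(const std::string& tok, std::uint16_t& out) {
    const char* s = tok.c_str();
    char* end = NULL;
    double v = std::strtod(s, &end);  // strtod accepts "nan", "inf", "1e400"
    if (end == s || *end != '\0') return false;  // empty or trailing garbage
    return checked_u16(v, out);
}

int main() {
    // Constructed sample tokens, not taken from a real profile.
    const char* samples[] = {"0", "65535", "65536", "-1", "nan", "inf", "12abc"};
    for (const char* tok : samples) {
        std::uint16_t val = 0;
        if (parse_u16_token(tok, val))
            std::printf("%-6s -> %u\n", tok, static_cast<unsigned>(val));
        else
            std::printf("%-6s -> rejected\n", tok);
    }
    return 0;
}
```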

Impact

Exploitation of this vulnerability can lead to undefined behavior, including memory corruption and arbitrary code execution, particularly when malformed ICC profiles are processed by vulnerable native libraries.

Reproduction

The vulnerability can be reproduced by crafting an ICC profile XML file that includes NaN values in ICC tags expected to hold unsigned short integers. This malformed profile can then be processed with the iccDEV tool 'iccFromXml', which converts the XML into an ICC file, triggering the vulnerability.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been fixed.

Added: Jan 28, 2026, 9:19 PM
Updated: Jan 28, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.0
remediation: 0.0
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.