iccDEV Heap Buffer Overflow Vulnerability in CIccFileIO::Read8() Allows for Memory Corruption

Vulnerability

A heap buffer overflow vulnerability has been identified in the iccDEV library, specifically in the CIccFileIO::Read8() function. This vulnerability exists in versions prior to 2.3.1.3 and arises when the function processes malformed ICC profile files. The issue is caused by an unchecked fread operation, which can lead to memory corruption.

Impact

Triggering this vulnerability overflows a heap buffer and corrupts adjacent memory. This type of vulnerability can often be used to execute arbitrary code, especially when the corrupted memory is processed by vulnerable native libraries.

Reproduction

The vulnerability can be reproduced with the 'iccV5DspObsToV4Dsp' command-line tool included in the iccDEV repository, by having it process a specially crafted ICC profile file that triggers the heap buffer overflow. The 'heap-buffer-overflow-display-CIccFileIO-Read8-IccIO_cpp-Line508.icc' file, available in the 'xsscx/fuzz' repository, is such a file. After the tool processes the file, AddressSanitizer reports a heap-buffer-overflow error, confirming that the overflow was triggered.

Remediation

Users can upgrade to iccDEV version 2.3.1.3 or later to address this vulnerability.
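
The advisory attributes the overflow to an unchecked fread. The C++ example below is added here and is not iccDEV's code or its fix; it shows a read helper that rejects a file-supplied length larger than the destination buffer and detects short reads. The names read8_checked, read_record and parse_bytes, the 64-byte limit, and the 4-byte length-prefixed record layout are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper (not iccDEV's API): read `count` bytes into `dst`,
// refusing counts larger than the destination and reporting short reads.
// The unchecked pattern it replaces is a bare fread(dst, 1, count, f).
bool read8_checked(std::FILE *f, void *dst, std::size_t dst_cap, std::uint32_t count) {
    if (f == nullptr) return false;
    if (count == 0) return true;                          // nothing to copy
    if (dst == nullptr || count > dst_cap) return false;  // would write past dst
    return std::fread(dst, 1, count, f) == count;         // short read: truncated file
}

// Constructed record layout for this example only: a 4-byte big-endian
// length followed by that many payload bytes.
bool read_record(std::FILE *f, std::vector<std::uint8_t> &out, std::size_t max_len) {
    std::uint8_t hdr[4];
    if (!read8_checked(f, hdr, sizeof hdr, sizeof hdr)) return false;
    std::uint32_t len = (std::uint32_t(hdr[0]) << 24) | (std::uint32_t(hdr[1]) << 16) |
                        (std::uint32_t(hdr[2]) << 8) | std::uint32_t(hdr[3]);
    if (len > max_len) return false;                      // reject before allocating
    out.assign(len, 0);
    return read8_checked(f, out.data(), out.size(), len);
}

// Write constructed bytes to a temporary file and parse them back.
bool parse_bytes(const std::vector<std::uint8_t> &bytes, std::vector<std::uint8_t> &out) {
    std::FILE *f = std::tmpfile();
    if (f == nullptr) return false;
    std::fwrite(bytes.data(), 1, bytes.size(), f);
    std::rewind(f);
    bool ok = read_record(f, out, 64);                    // 64 is an assumed limit
    std::fclose(f);
    return ok;
}

int main() {
    std::vector<std::uint8_t> out;
    bool good = parse_bytes({0, 0, 0, 3, 'a', 'b', 'c'}, out);    // well-formed
    bool huge = parse_bytes({0xFF, 0xFF, 0xFF, 0xFF, 'a'}, out);  // oversized length
    bool cut  = parse_bytes({0, 0, 0, 8, 'a', 'b'}, out);         // truncated payload
    std::printf("good=%d huge=%d cut=%d\n", good, huge, cut);
    return (good && !huge && !cut) ? 0 : 1;
}
```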

Added: Feb 4, 2026, 10:18 PM
Updated: Feb 4, 2026, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.5
remediation: 0.0
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.