iccDEV Signed Integer Overflow Vulnerability in Cube Input Processing

A signed integer overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.4. The issue occurs in the 'iccFromCube' tool, specifically within the 'parse3DTable' function of 'iccFromCube.cpp'. When processing large or crafted cube inputs, the vulnerability triggers undefined behavior, which can lead to crashes or the generation of incorrect ICC profiles. This vulnerability arises from unsafe multiplication operations that do not properly validate input sizes before performing calculations.

Impact

Exploitation of this vulnerability causes a signed integer overflow, leading to undefined behavior. This can result in crashes or incorrect generation of ICC profiles, particularly when processing large or specially crafted cube inputs.

Reproduction

The vulnerability can be reproduced by using the 'iccFromCube' tool with an input file that contains crafted cube data designed to trigger the signed integer overflow. This can be done by specifying a cube size that exceeds safe limits, which will cause the tool to crash or produce a malformed ICC profile.

Remediation

The vulnerability has been patched in commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a. Users should update to version 2.3.1.4 or later.