iccDEV Heap-Based Buffer Overflow Vulnerability in XML Text Description Parsing
Vulnerability
A heap-based buffer overflow has been identified in iccDEV versions prior to 2.3.1.4. The defect is in CIccTagTextDescription::Release(), where a call to strlen() reads beyond the end of a heap buffer while the library parses XML text-description tags into an ICC profile. strlen() scans forward until it finds a NUL byte, so a buffer that holds the tag text without a terminating NUL is walked past its allocation. The result is an out-of-bounds read: the process crashes, and bytes from adjacent heap memory can be exposed. Exploitation requires user interaction, since a victim has to process attacker-supplied XML or profile data.
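The root cause described above, as an added example that is not iccDEV's code: a minimal text-description tag modelled in C. The struct, the function names and the sample payload are all hypothetical. The unterminated variant copies the XML payload bytes exactly, so any strlen() on the resulting buffer would run off the end of the allocation; the terminated variant reserves one extra byte for the NUL. The release step uses a bounded memchr() scan instead of strlen(), so on the bad buffer it reports a missing terminator (-1) rather than over-reading.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a text-description tag: a heap buffer plus its
   capacity. Not iccDEV's CIccTagTextDescription. */
typedef struct {
    char *text;   /* heap buffer holding the description text */
    size_t cap;   /* bytes allocated for text */
} text_tag;

/* Vulnerable pattern: copy exactly the XML payload bytes, no NUL terminator.
   Any later strlen(tag->text) walks past the allocation. */
static int tag_set_text_unterminated(text_tag *tag, const char *xml_text, size_t len) {
    char *buf = malloc(len);                 /* no room for '\0' */
    if (!buf && len) return -1;
    memcpy(buf, xml_text, len);
    tag->text = buf;
    tag->cap = len;
    return 0;
}

/* Hardened pattern: allocate len + 1 and always terminate. */
static int tag_set_text_terminated(text_tag *tag, const char *xml_text, size_t len) {
    if (len == SIZE_MAX) return -1;          /* len + 1 would wrap */
    char *buf = malloc(len + 1);
    if (!buf) return -1;
    memcpy(buf, xml_text, len);
    buf[len] = '\0';
    tag->text = buf;
    tag->cap = len + 1;
    return 0;
}

/* Bounded length: the string length if a terminator exists within cap,
   or -1 when strlen() would have read past the end. memchr() never
   touches a byte beyond tag->cap, so this is safe on both variants. */
static long tag_text_length_checked(const text_tag *tag) {
    if (!tag->text) return 0;
    const char *nul = memchr(tag->text, '\0', tag->cap);
    if (!nul) return -1;
    return (long)(nul - tag->text);
}

/* Release step. The vulnerable shape of this step calls strlen(tag->text)
   before freeing; here the bounded check stands in for that call. */
static long tag_release(text_tag *tag) {
    long n = tag_text_length_checked(tag);
    free(tag->text);
    tag->text = NULL;
    tag->cap = 0;
    return n;
}

/* Constructed sample payload standing in for the text of an XML
   text-description element (not taken from any real profile). */
static const char SAMPLE_XML_TEXT[] = "sRGB IEC61966-2.1 display profile";

/* Returns -1: the 33-byte allocation holds no terminator. */
long demo_unterminated(void) {
    text_tag t = {0};
    if (tag_set_text_unterminated(&t, SAMPLE_XML_TEXT, strlen(SAMPLE_XML_TEXT))) return -2;
    return tag_release(&t);
}

/* Returns 33: the terminator sits inside the 34-byte allocation. */
long demo_terminated(void) {
    text_tag t = {0};
    if (tag_set_text_terminated(&t, SAMPLE_XML_TEXT, strlen(SAMPLE_XML_TEXT))) return -2;
    return tag_release(&t);
}

int main(void) {
    printf("unterminated: checked length = %ld\n", demo_unterminated());
    printf("terminated:   checked length = %ld\n", demo_terminated());
    return 0;
}
```

Swapping tag_text_length_checked() for strlen(tag->text) inside tag_release() and compiling with -fsanitize=address reproduces the same class of report the advisory describes: a heap-buffer-overflow READ with strlen() as the top frame, triggered only by the unterminated variant.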
Impact
Triggering the bug produces a heap-buffer-overflow and a crash. Note that the defect is an over-read, not an over-write; AddressSanitizer uses the heap-buffer-overflow label for both. Heap-overflow bugs can sometimes be leveraged for arbitrary code execution, but for an over-read that path requires the out-of-range length to feed a later copy or allocation, which nothing on this page establishes. The confirmed impact is denial of service, with possible disclosure of adjacent heap contents.
Reproduction
The vulnerability can be reproduced with the iccFromXml tool included in the iccDEV package, built with AddressSanitizer (-fsanitize=address). Obtain the XML file crafted to trigger the heap-buffer-overflow from the 'xsscx' GitHub repository and pass it to iccFromXml. While parsing the text-description tag the tool reads past the allocated buffer, and the instrumented build aborts with a heap-buffer-overflow report. To confirm it is this bug, check that the report's access type is READ and that the top frame is strlen() called from CIccTagTextDescription::Release(). A build without AddressSanitizer is not a reliable check: an over-read of a few bytes past a heap allocation often completes without a visible crash.
Remediation
Update to iccDEV version 2.3.1.4 or later, which contains the fix.
