iccDEV Heap-Based Buffer Overflow Vulnerability in CIccCalculatorFunc::ApplySequence()

Vulnerability

A heap-based buffer overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.5. The issue occurs in the CIccCalculatorFunc::ApplySequence() method, where it leads to an out-of-bounds read that crashes the application. The root cause is that the number of operations is not validated against the size of the operation array, which allows the heap-buffer-overflow condition.
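
As an added illustration of the missing check described above, the following C++ is not iccDEV's code: the structure names (CalcOp, CalcSequence), the byte layout, the accumulator opcodes and the function names are all assumptions made for this example. It models a calculator operation sequence decoded from an untrusted buffer and shows the two places where the claimed operation count must be validated against what is actually in memory before it is used as a loop bound.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Hypothetical model of a calculator operation sequence; all names and the
// byte layout here are assumptions made for this illustration, not iccDEV's code.
struct CalcOp {
    uint16_t opcode;  // 0 = add value to accumulator, 1 = multiply accumulator by value
    int32_t  value;
};

struct CalcSequence {
    uint32_t nOps = 0;        // operation count as claimed by the file header
    std::vector<CalcOp> ops;  // operations actually decoded into memory
};

static constexpr size_t kHeaderBytes = 4;  // uint32 count
static constexpr size_t kOpBytes     = 6;  // uint16 opcode + int32 value

// Little-endian readers that do not depend on host endianness or alignment.
static uint32_t rd32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}
static uint16_t rd16(const uint8_t* p) {
    return uint16_t(uint32_t(p[0]) | (uint32_t(p[1]) << 8));
}

// Parse a sequence from untrusted bytes. The claimed count is checked against
// the bytes actually present before a single operation is read; dividing first
// avoids an integer overflow in nOps * kOpBytes.
bool ParseSequence(const std::vector<uint8_t>& buf, CalcSequence& out) {
    if (buf.size() < kHeaderBytes) return false;
    const uint32_t n = rd32(buf.data());
    if (n > (buf.size() - kHeaderBytes) / kOpBytes) return false;  // header claims more than stored
    out.nOps = n;
    out.ops.clear();
    out.ops.reserve(n);
    for (uint32_t i = 0; i < n; ++i) {
        const uint8_t* p = buf.data() + kHeaderBytes + size_t(i) * kOpBytes;
        out.ops.push_back({rd16(p), int32_t(rd32(p + 2))});
    }
    return true;
}

// Apply the sequence to an accumulator. The count is re-validated against the
// array size before it is used as the loop bound: this is the check whose
// absence lets an oversized count index past the end of the heap buffer.
std::optional<int64_t> ApplySequence(const CalcSequence& seq, int64_t acc = 0) {
    if (seq.nOps > seq.ops.size()) return std::nullopt;  // count/array mismatch: reject
    for (uint32_t i = 0; i < seq.nOps; ++i) {
        const CalcOp& op = seq.ops[i];
        switch (op.opcode) {
            case 0: acc += op.value; break;
            case 1: acc *= op.value; break;
            default: return std::nullopt;  // unknown opcode: reject rather than guess
        }
    }
    return acc;
}

// Parse then apply; yields no value when the input is rejected at either stage.
std::optional<int64_t> RunSequence(const std::vector<uint8_t>& bytes) {
    CalcSequence seq;
    if (!ParseSequence(bytes, seq)) return std::nullopt;
    return ApplySequence(seq);
}

// Constructed sample inputs for this example (not real ICC data).
std::vector<uint8_t> GoodSequenceBytes() {
    // nOps = 2, then (add 5), (mul 3): 0 + 5 = 5, 5 * 3 = 15
    return {2, 0, 0, 0,  0, 0, 5, 0, 0, 0,  1, 0, 3, 0, 0, 0};
}
std::vector<uint8_t> BadSequenceBytes() {
    // header claims 100 operations but only one is present
    return {100, 0, 0, 0,  0, 0, 5, 0, 0, 0};
}
// A sequence whose count disagrees with its array, as if the parser check were missing.
CalcSequence TamperedSequence() {
    CalcSequence seq;
    seq.nOps = 3;
    seq.ops = {{0, 1}};
    return seq;
}

int main() {
    auto good = RunSequence(GoodSequenceBytes());
    std::printf("good input: %s, result %lld\n", good ? "accepted" : "rejected", good ? (long long)*good : 0LL);
    std::printf("oversized header: %s\n", RunSequence(BadSequenceBytes()) ? "accepted" : "rejected");
    std::printf("tampered sequence: %s\n", ApplySequence(TamperedSequence()) ? "accepted" : "rejected");
    return 0;
}
```

The parser check alone is not enough to rely on, because the count and the array can drift apart later (a copy, a partially failed parse, or a second code path that builds the structure); keeping the bound check inside the apply loop is what guarantees the loop can never index past the buffer regardless of how the sequence was produced. Building with -fsanitize=address makes any remaining out-of-bounds read show up as a heap-buffer-overflow report during testing.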

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, leading to a crash of the application. Such heap-overflow vulnerabilities can often be exploited to execute arbitrary code under certain conditions.

Reproduction

The vulnerability can be reproduced by using a crafted ICC file that triggers the out-of-bounds read in the CIccCalculatorFunc::ApplySequence() method. This can be done by running the 'iccApplyNamedCmm' tool included in the iccDEV package with the malformed ICC file as input. AddressSanitizer can be used to detect the heap-buffer-overflow error, confirming the presence of the vulnerability.

Remediation

Users can update to iccDEV version 2.3.1.5 or later, where this vulnerability has been fixed. The latest version can be downloaded from the GitHub Releases page or via package managers such as Homebrew, NPM, or Docker.

Added: Mar 10, 2026, 6:38 PM
Updated: Mar 10, 2026, 6:38 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.