iccDEV Heap-Based Buffer Overflow Vulnerability in CIccMatrixMath::SetRange()
Vulnerability
A heap-based buffer overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.5. The issue occurs in the CIccMatrixMath::SetRange() function, leading to memory corruption or application crashes. This vulnerability requires user interaction to exploit.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and application crashes.
Reproduction
The vulnerability can be reproduced by downloading a specific ICC file that triggers the buffer overflow when processed with the 'iccApplyNamedCmm' command-line tool. This tool is part of the iccDEV package. After preparing the ICC file, the command can be executed to demonstrate the vulnerability, which will result in a heap-buffer-overflow error reported by AddressSanitizer.
Remediation
Users can update to iccDEV version 2.3.1.5 or later, where this vulnerability has been fixed. The latest version can be installed via package managers such as Homebrew, NPM, or Docker.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.