iccDEV Stack Buffer Overflow Vulnerability in CIccXform3DLut::Apply()

Vulnerability

A stack buffer overflow has been identified in iccDEV versions prior to 2.3.1.5, in the CIccXform3DLut::Apply() function. When a crafted ICC profile is applied, improperly handled profile data overruns a buffer on the stack, corrupting memory or crashing the process. Exploitation requires user interaction: a victim must apply the attacker-supplied profile, or use software that applies it on their behalf.

Impact

The overflow corrupts the stack of the process that applies the profile. The directly observed outcome is memory corruption or a crash (denial of service); according to the GitHub advisory, a stack buffer overflow of this kind can potentially be leveraged to execute arbitrary code in the context of the application.

Reproduction

The vulnerability is reproduced with a crafted ICC profile that triggers the overflow in CIccXform3DLut::Apply(). Download the crafted profile and a test image referenced by the advisory, then use the 'iccApplyProfiles' command-line tool from an AddressSanitizer-instrumented build to apply the profile to the image. AddressSanitizer reports a stack-buffer-overflow with CIccXform3DLut::Apply() on the stack, confirming that the vulnerable code path was reached. Note that an uninstrumented build may not crash visibly at the point of the overflow, so a silent run does not prove the build is unaffected.
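The reproduction procedure above, scripted as an added example (this is not the advisory's or the iccDEV project's own code): it builds iccDEV with AddressSanitizer, runs iccApplyProfiles on the crafted profile, and classifies the captured report so a triage run can tell a reproduced CIccXform3DLut::Apply() stack-buffer-overflow from an unrelated crash or a fixed build. The checkout location, the CMake directory, the built tool's path and the argument order of iccApplyProfiles are assumptions, not taken from the page; verify them against the tool's own usage output.

```sh
#!/bin/sh
# Added example (not from the advisory or the iccDEV project): run the
# reproduction under AddressSanitizer and classify what ASan reports.
#
# Assumptions, none of which the advisory states:
#   - iccDEV is checked out at $ICCDEV and its CMake project is Build/Cmake;
#   - the built tool lands at build/Tools/CmdLine/IccApplyProfiles/iccApplyProfiles;
#   - the tool takes  SRC.tif DST.tif DST_ENCODING INTERPOLATION PROFILE.icc INTENT
#     (the "0 0 ... 0" below is assumed to mean: keep source encoding,
#     linear interpolation, perceptual intent).
# Check the tool's own usage output before trusting that layout.

ICCDEV="${ICCDEV:-$PWD/iccDEV}"
TOOL="$ICCDEV/build/Tools/CmdLine/IccApplyProfiles/iccApplyProfiles"

# Build with ASan. An uninstrumented build may swallow the overflow or crash
# somewhere unrelated, which is why the advisory's repro relies on ASan.
build_asan() {
    cmake -S "$ICCDEV/Build/Cmake" -B "$ICCDEV/build" -DCMAKE_BUILD_TYPE=Debug \
        -DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer" \
        -DCMAKE_CXX_FLAGS="-fsanitize=address -fno-omit-frame-pointer" &&
    cmake --build "$ICCDEV/build" -j "${JOBS:-4}"
}

# run_repro CRAFTED.icc INPUT.tif OUTPUT.tif LOGFILE
# Applies the crafted profile to the test image and captures stdout/stderr
# (ASan writes its report to stderr). Returns the tool's exit status.
run_repro() {
    ASAN_OPTIONS="abort_on_error=0:detect_leaks=0" \
        "$TOOL" "$2" "$3" 0 0 "$1" 0 >"$4" 2>&1
}

# classify_asan_report LOGFILE
# Prints the ASan error kind (or "no-asan-report"). Exit status:
#   0  stack-buffer-overflow with CIccXform3DLut::Apply on the stack: reproduced
#   1  stack-buffer-overflow somewhere else
#   2  a different sanitizer error (e.g. heap-buffer-overflow, SEGV)
#   3  no report at all: fixed build, wrong inputs, or ASan not enabled
classify_asan_report() {
    kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' "$1" | head -n 1)
    if [ -z "$kind" ]; then
        echo "no-asan-report"
        return 3
    fi
    echo "$kind"
    [ "$kind" = "stack-buffer-overflow" ] || return 2
    grep -q 'CIccXform3DLut::Apply' "$1" && return 0
    return 1
}
```

Usage: `build_asan`, then `run_repro crafted.icc test.tif out.tif asan.log`, then `classify_asan_report asan.log`. The classifier reads only the captured log, so it can be checked against a saved report without the vulnerable build present, and a non-zero status other than 0 is the signal to look more closely rather than to declare the issue reproduced.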

Remediation

Upgrade to iccDEV version 2.3.1.5 or later, which contains the fix. Until the upgrade is in place, treat ICC profiles from untrusted sources as hostile input and avoid applying them with affected builds of the tooling.

Added: Mar 10, 2026, 6:34 PM
Updated: Mar 10, 2026, 6:34 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 7.5
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.