iccDEV Undefined Behavior Vulnerability in CIccCalculatorFunc::ApplySequence()

A vulnerability in iccDEV versions prior to 2.3.1.6 allows crafted ICC profiles to trigger undefined behavior in the function CIccCalculatorFunc::ApplySequence(). This issue arises from invalid enum values being loaded for icChannelFuncSignature, leading to a type confusion during ICC profile processing. The vulnerability can be detected under Undefined Behavior Sanitizer (UBSan) as a runtime error, indicating that an invalid value was loaded for the expected enum type. This flaw can cause a crash, creating a denial-of-service condition.

Impact

Exploitation of this vulnerability can lead to a process crash, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by compiling iccDEV with AddressSanitizer and Undefined Behavior Sanitizer enabled. After compiling the tool with these sanitizers, a crafted ICC profile that exploits the vulnerability can be processed, triggering the undefined behavior. The issue can be observed in the IccMpeCalc.cpp file, specifically at line 3482, where the undefined behavior occurs.

Remediation

Users can update to iccDEV version 2.3.1.6 or later, which addresses the vulnerability by properly defining the icChannelFuncSignature enum, adding sentinel range values for safe validation, and correcting the handling of ICC profiles to prevent the type confusion that led to the undefined behavior.