iccDEV Heap-Buffer-Overflow Vulnerability in CIccMpeSpectralMatrix::Describe()

Vulnerability

A heap-buffer-overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.6. The issue arises in the CIccMpeSpectralMatrix::Describe() function, where a crafted ICC profile can trigger an out-of-bounds heap read. The bug is detectable under AddressSanitizer when the iccDumpProfile tool is run on such a profile. The root cause is missing validation of the input channel count, which allows an invalid (undersized) allocation that the subsequent reads then overrun, producing the heap-buffer-overflow condition.

Impact

Exploitation of this vulnerability causes a heap-buffer-overflow, which can lead to a process crash, creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by compiling iccDEV with AddressSanitizer enabled, using Clang as the compiler. Once the tool has been built with the sanitizer flags, run the iccDumpProfile command on a specially crafted ICC profile that triggers the bug. AddressSanitizer will report the heap-buffer-overflow error, confirming that the vulnerable read has been reached.

Remediation

Users can update to iccDEV version 2.3.1.6 or later, where this vulnerability has been patched. Instructions for updating via NPM, Homebrew, Docker, and NixOS are available in the GitHub advisory.

Added: Apr 1, 2026, 12:03 AM
Updated: Apr 1, 2026, 12:03 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.5
remediation: 0.0
relevance: 5.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.