iccDEV Segmentation Fault Vulnerability in CIccTagArray Cleanup Function

Vulnerability

A segmentation fault vulnerability has been identified in iccDEV versions prior to 2.3.1.6. The issue arises in the CIccTagArray::Cleanup() function, where a crafted ICC profile can cause misaligned pointer loads and invalid reads, leading to a process crash. This vulnerability is detectable under Undefined Behavior Sanitizer (UBSan) and AddressSanitizer (ASan) as a misaligned member access, which triggers a segmentation fault. The problem occurs when the 'iccRoundTrip' tool processes a malicious ICC profile.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the affected process, which can be classified as a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by building iccDEV, including the 'iccRoundTrip' tool, with AddressSanitizer and Undefined Behavior Sanitizer enabled. Running the instrumented 'iccRoundTrip' on a specially crafted ICC profile that misaligns pointers then causes a segmentation fault while the profile is processed.
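For regression testing after the upgrade, the following added example (not part of the original advisory or of iccDEV) classifies one run of a sanitizer-instrumented 'iccRoundTrip' from its exit status and stderr. It assumes the tool takes the profile path as its first argument; the sample stderr, its file path and its type name are constructed, and only the UBSan/ASan line formats and the function name from this advisory are relied on.

```python
import re
import signal
import subprocess

# Line formats written to stderr by the UBSan and ASan runtimes.
UBSAN_RE = re.compile(r"^(\S+): runtime error: (.+)$", re.M)
ASAN_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+)")
FRAME0_RE = re.compile(r"^\s*#0 0x[0-9a-f]+ in (.+?) \S+$", re.M)


def classify(returncode, stderr):
    """Summarise one run from its exit status and sanitizer output."""
    ubsan_msgs = [msg for _loc, msg in UBSAN_RE.findall(stderr)]
    asan = ASAN_RE.search(stderr)
    frame = FRAME0_RE.search(stderr)
    # subprocess reports death by signal N as returncode -N. ASan normally
    # intercepts SIGSEGV and exits non-zero itself, so check its report too.
    killed_by = -returncode if returncode < 0 else None
    asan_kind = asan.group(1) if asan else None
    return {
        "misaligned": any("misaligned address" in m for m in ubsan_msgs),
        "segv": killed_by == signal.SIGSEGV or asan_kind == "SEGV",
        "asan_kind": asan_kind,
        "top_frame": frame.group(1) if frame else None,
    }


def triage(binary, profile, timeout=30):
    """Run the instrumented tool on one profile (assumed CLI: <binary> <profile>)."""
    proc = subprocess.run([binary, profile], capture_output=True,
                          text=True, timeout=timeout)
    return classify(proc.returncode, proc.stderr)


# Constructed sample output; addresses, path and type name are placeholders.
SAMPLE_STDERR = """\
/constructed/path.cpp:10:5: runtime error: member access within misaligned address 0x000000000003 for type 'ConstructedType', which requires 8 byte alignment
AddressSanitizer:DEADLYSIGNAL
==12345==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000003 (pc 0x000000401000 bp 0x7ffc00000000 sp 0x7ffc00000000 T0)
    #0 0x401000 in CIccTagArray::Cleanup() /constructed/path.cpp:10:5
"""

if __name__ == "__main__":
    print(classify(1, SAMPLE_STDERR))
```

A fixed build that rejects the same profile should report neither 'misaligned' nor 'segv', even if it exits non-zero.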

Remediation

Users can update to iccDEV version 2.3.1.6 or later, available through the GitHub Container Registry.

Added: Apr 1, 2026, 12:03 AM
Updated: Apr 1, 2026, 12:03 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 5.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.