iccDEV Undefined Behavior Vulnerability in CIccOpDefEnvVar::Exec()

Vulnerability

A vulnerability in iccDEV versions prior to 2.3.1.6 allows a crafted ICC profile to trigger undefined behavior in the function CIccOpDefEnvVar::Exec(). The profile data is loaded into a variable of the enum type icSigCmmEnvVar without being checked against the set of defined enumerators, so a value that is not a valid icSigCmmEnvVar is consumed during ICC profile processing. Undefined Behavior Sanitizer (UBSan) reports the issue as a load of an invalid value for the type icSigCmmEnvVar.

Impact

Exploitation of this vulnerability can cause undefined behavior that may lead to a process crash, creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced with iccDEV version 2.3.1.5 built with UBSan. First, download the crafted ICC profile that triggers the vulnerability, along with a TIFF file to apply the profile to. Then use the 'iccApplyProfiles' command-line tool to apply the ICC profile to the TIFF file. The undefined behavior is visible in the tool's output as a UBSan runtime error reporting the invalid enum value.

Remediation

Users can update to iccDEV version 2.3.1.6, which addresses the vulnerability by adding validation to prevent undefined behavior when processing ICC profiles. Instructions for updating are available on the iccDEV GitHub repository.
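The pattern behind both the bug and the fix is a 32-bit field read from an untrusted profile and converted to an enum type. The following added example (not iccDEV's own code) shows the validation step: the raw value is checked against an allow-list of enumerators before any conversion, so an unknown value is rejected as a malformed profile instead of being loaded into the enum-typed variable. The enumerator names and tag values, and the sample fields, are constructed for illustration and are not taken from iccDEV or from the crafted profile.

```cpp
#include <cstdint>
#include <cstddef>

// Constructed stand-in for the real icSigCmmEnvVar enum; the enumerator names
// and tag values are assumptions for illustration, not copied from iccDEV.
enum icSigCmmEnvVar {
    icSigTrueVar   = 0x74727565, // 'true'
    icSigNotDefVar = 0x6e646566  // 'ndef'
};

// Constructed sample fields (not the advisory's crafted profile).
static const uint8_t kValidField[4]   = {0x74, 0x72, 0x75, 0x65}; // 'true'
static const uint8_t kInvalidField[4] = {0xff, 0xff, 0xff, 0xff}; // no such enumerator

// ICC profile fields are big-endian 32-bit values.
static uint32_t read_be32(const uint8_t *p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8)  |  uint32_t(p[3]);
}

// Allow-list check performed on the raw integer, BEFORE any cast to the enum.
// Casting first and checking afterwards is exactly the order that UBSan flags:
// the invalid value has already been loaded into the enum-typed variable.
static bool is_valid_cmm_env_var(uint32_t raw) {
    switch (raw) {
        case icSigTrueVar:
        case icSigNotDefVar:
            return true;
        default:
            return false;
    }
}

// Hardened loader: returns false for a truncated field or an unknown value.
// The caller (the Exec() equivalent) treats false as a malformed profile and
// aborts processing rather than continuing with garbage in the enum.
bool load_cmm_env_var(const uint8_t *p, size_t len, icSigCmmEnvVar *out) {
    if (len < 4) return false;                  // truncated field
    uint32_t raw = read_be32(p);
    if (!is_valid_cmm_env_var(raw)) return false;
    *out = static_cast<icSigCmmEnvVar>(raw);    // only reached for known values
    return true;
}
```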

Added: Mar 31, 2026, 11:59 PM
Updated: Mar 31, 2026, 11:59 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 5.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.