iccDEV Heap-Buffer-Overflow Vulnerability in TIFF Processing Component
Vulnerability
A heap-buffer-overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.6. This issue arises in the CTiffImg::WriteLine() function, where a crafted ICC profile and TIFF input can trigger an out-of-bounds heap read. The vulnerability is exposed when the 'iccSpecSepToTiff' tool processes a malicious .icc and .tif file pair, leading to a crash during TIFF strip writing. The vulnerability has been patched in version 2.3.1.6.
Impact
Exploitation of this vulnerability causes a denial-of-service condition by crashing the process. The heap-buffer-overflow can potentially be exploited to execute arbitrary code, as is common with such vulnerabilities.
Reproduction
The vulnerability can be reproduced by compiling iccDEV with AddressSanitizer enabled (compiler and linker flags such as -fsanitize=address, which activate heap memory error detection). After building, running the 'iccSpecSepToTiff' tool on the malicious ICC profile and TIFF file pair triggers the out-of-bounds read, and AddressSanitizer reports a heap-buffer-overflow in CTiffImg::WriteLine(), confirming that the vulnerability has been triggered.
Remediation
Users can update to iccDEV version 2.3.1.6 or later, where this vulnerability has been fixed.