iccDEV Null-Pointer Dereference Vulnerability in CIccTagLut16::Write()
Vulnerability
A null-pointer dereference vulnerability has been identified in iccDEV versions prior to 2.3.1.6. The issue occurs in the CIccTagLut16::Write() function, where a crafted ICC profile embedded in a TIFF file can trigger the vulnerability. This results in a crash when the profile is processed, as the function attempts to dereference a null pointer. The vulnerability has been patched in version 2.3.1.6.
Impact
Exploitation of this vulnerability leads to a null-pointer dereference, causing a crash. This can disrupt the normal operation of tools that process ICC profiles, creating a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by first downloading the crafted ICC file that triggers the null-pointer dereference. This file can be obtained from the GitHub repository of the International Color Consortium, under the 'fuzz' branch, in the 'graphics/tif' directory. Once the file is downloaded, it can be processed using the 'iccTiffDump' tool, which is part of the iccDEV suite. The tool will extract the embedded ICC profile from the TIFF file, and when the crafted profile is written using the 'CIccTagLut16::Write()' function, the null-pointer dereference will occur, causing a crash.
Remediation
Users can update to iccDEV version 2.3.1.6 or later to address this vulnerability.
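One way to confirm that an upgraded build no longer crashes on the sample from the Reproduction section is to run the tool and classify how the process ended. This is an added example, not code from iccDEV or the advisory; the function names and verdict labels are hypothetical, and the caller supplies the full command line that processes the sample.

```python
import signal
import subprocess
import sys


def classify_run(argv, timeout=30):
    """Run argv and return (verdict, detail).

    verdict is "crash" (killed by a signal), "error-exit" (non-zero exit),
    "clean" (exit 0) or "timeout". Names are hypothetical, chosen for this example.
    """
    try:
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("timeout", f"no exit within {timeout}s")
    rc = proc.returncode
    if rc < 0:
        # On POSIX a negative return code is the number of the fatal signal;
        # a null-pointer dereference normally shows up as SIGSEGV.
        try:
            name = signal.Signals(-rc).name
        except ValueError:
            name = f"signal {-rc}"
        return ("crash", name)
    if rc == 0:
        return ("clean", "exit 0")
    return ("error-exit", f"exit {rc}")


def triage(commands, timeout=30):
    """Classify each labelled command; any "crash" means that build still faults."""
    results = {label: classify_run(argv, timeout)
               for label, argv in commands.items()}
    still_affected = any(verdict == "crash" for verdict, _ in results.values())
    return results, still_affected


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: triage.py <command that processes the sample> [args...]")
    verdict, detail = classify_run(sys.argv[1:])
    print(verdict, detail)
    sys.exit(1 if verdict == "crash" else 0)
```

A build compiled with AddressSanitizer usually reports the fault and exits non-zero instead of dying on a signal, so an "error-exit" verdict from such a build still needs its stderr checked.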
