iccDEV Heap-Buffer-Overflow Vulnerability in XML Conversion Tool
Vulnerability
A heap-buffer-overflow vulnerability has been identified in the iccDEV library, specifically in the 'icAnsiToUtf8()' function within the XML conversion process. This vulnerability, present in versions prior to 2.3.1.6, is triggered by a specially crafted ICC profile that causes the function to misinterpret an input buffer as a null-terminated C-string. This leads to out-of-bounds memory access, with AddressSanitizer reporting a read of 115 bytes past a 114-byte heap allocation. The issue was observed while using the 'iccToXml' tool.
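The bug class described above (a length-delimited buffer handed to code that assumes a NUL terminator) in a hypothetical C sketch; this is an added illustration, not iccDEV's own code, and `ic_buf`, `make_buf` and the `*_bounded` helpers are invented names for the example:

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a profile tag payload: `len` bytes on the heap with
 * NO trailing NUL, which is how length-prefixed binary fields arrive. */
typedef struct { unsigned char *data; size_t len; } ic_buf;

ic_buf make_buf(const char *src, size_t len) {
    ic_buf b = { malloc(len), len };   /* allocation is exactly len bytes */
    if (b.data) memcpy(b.data, src, len);
    return b;
}

/* Vulnerable pattern (shape of the bug in the advisory): the buffer is
 * treated as a C-string, so strlen() keeps reading past the allocation
 * until it happens to find a zero byte -> heap-buffer-overflow READ.
 * Never call this on a buffer without an embedded NUL. */
size_t count_ansi_unsafe(const ic_buf *b) {
    return strlen((const char *)b->data);
}

/* Hardened counterpart: honour the explicit length, never assume a NUL. */
size_t count_ansi_bounded(const ic_buf *b) {
    return strnlen((const char *)b->data, b->len);
}

/* Bounded 8-bit (Latin-1 style "ANSI") to UTF-8 conversion.  Output is
 * sized from the bounded length (each byte expands to at most 2 bytes),
 * heap-allocated and NUL-terminated; caller frees.  NULL on OOM. */
char *ansi_to_utf8_bounded(const ic_buf *in) {
    size_t n = count_ansi_bounded(in);      /* stops at NUL or at in->len */
    char *out = malloc(2 * n + 1);
    if (!out) return NULL;
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in->data[i];
        if (c < 0x80) {
            out[o++] = (char)c;
        } else {                            /* U+0080..U+00FF -> 2-byte form */
            out[o++] = (char)(0xC0 | (c >> 6));
            out[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    out[o] = '\0';
    return out;
}
```

Build with `-fsanitize=address` and feed `count_ansi_unsafe` a buffer from `make_buf` to see the same class of report the advisory quotes; the bounded variants stay inside the allocation.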
Impact
Exploitation of this vulnerability causes a heap-buffer-overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.
Reproduction
The vulnerability can be reproduced by downloading a crafted ICC file that triggers the buffer overflow when processed by the 'iccToXml' tool: fetch the ICC file with 'wget', then run 'iccToXml' with the downloaded file as input under 'gdb' and watch for AddressSanitizer's error report, which flags the heap-buffer-overflow.
Remediation
Users can update to version 2.3.1.6, where this vulnerability has been patched. Instructions for updating via NPM, Homebrew, Docker, and NixOS are available in the advisory.
