ExifReader Denial-of-Service Vulnerability via Improper ICC Tag Parsing

Vulnerability

A denial-of-service vulnerability has been identified in the ExifReader package, affecting versions prior to 4.39.0. The issue arises when the library processes crafted images containing an ICC 'mluc' tag. These tags can be manipulated to carry an attacker-controlled record count alongside a record size of zero. During parsing of such images, ExifReader does not validate the record size and bounds, so the same record is processed once per claimed record, leading to excessive memory consumption. This vulnerability can cause memory exhaustion in applications that handle attacker-supplied images.

Impact

Exploitation of this vulnerability can lead to memory exhaustion, causing denial-of-service conditions in applications that parse affected images.

Reproduction

The vulnerability can be reproduced by using ExifReader to load a JPEG image that includes an ICC profile with a 'mluc' tag. The tag is crafted with a high record count and a record size of zero, which causes ExifReader to loop over the claimed records while repeatedly processing the same one, because the read offset never advances. This can be done by creating a buffer that simulates the ICC profile with the malicious 'mluc' tag and then loading it with ExifReader.
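To make the failure mode concrete, the following is an added example (not ExifReader's code) of a minimal ICC 'mluc' record-table parser in the unchecked shape the advisory describes, next to a bounds-checked version. The tag layout follows the ICC.1 specification (16-byte header, then 12-byte records); the MAX_RECORDS cap and the buildMluc helper are assumptions of this example, not ICC or ExifReader values.

```javascript
// Added example, not ExifReader's code. ICC 'mluc' layout (ICC.1): 4-byte
// signature, 4 reserved, 4 record count, 4 record size, then 12-byte records.
const MLUC_HEADER = 16;
const MLUC_RECORD_SIZE = 12;
const MAX_RECORDS = 1024; // assumed defensive cap for this example, not an ICC limit
// One 12-byte record: 2-byte language, 2-byte country, 4-byte length, 4-byte offset.
function readRecord(view, at) {
  return {
    language: String.fromCharCode(view.getUint8(at), view.getUint8(at + 1)),
    country: String.fromCharCode(view.getUint8(at + 2), view.getUint8(at + 3)),
    length: view.getUint32(at + 4),
    offset: view.getUint32(at + 8),
  };
}
// Unchecked loop: trusts count and recordSize from the file. With recordSize 0
// every iteration re-reads the record at byte 16, so the output grows with the
// file-supplied count while the read position never advances.
function parseMlucUnchecked(buf) {
  const view = new DataView(buf); // DataView defaults to big-endian, as ICC requires
  const count = view.getUint32(8);
  const recordSize = view.getUint32(12);
  const records = [];
  for (let i = 0; i < count; i++) records.push(readRecord(view, MLUC_HEADER + i * recordSize));
  return records;
}
// Hardened loop: the record size must be at least the spec's 12 bytes (so the
// offset always advances), the count is capped, and the whole record table must
// fit inside the tag before anything is read.
function parseMlucChecked(buf) {
  const view = new DataView(buf);
  if (view.getUint32(0) !== 0x6d6c7563) throw new Error('not an mluc tag'); // 'mluc'
  const count = view.getUint32(8);
  const recordSize = view.getUint32(12);
  if (recordSize < MLUC_RECORD_SIZE) throw new Error(`bad mluc record size ${recordSize}`);
  if (count > MAX_RECORDS) throw new Error(`mluc record count ${count} exceeds cap`);
  if (MLUC_HEADER + count * recordSize > buf.byteLength) throw new Error('mluc record table exceeds tag');
  const records = [];
  for (let i = 0; i < count; i++) records.push(readRecord(view, MLUC_HEADER + i * recordSize));
  return records;
}
// Constructed sample tag (not from a real file): header plus one 'en'/'US' record.
function buildMluc(count, recordSize) {
  const buf = new ArrayBuffer(MLUC_HEADER + MLUC_RECORD_SIZE);
  const v = new DataView(buf);
  v.setUint32(0, 0x6d6c7563); // 'mluc'
  v.setUint32(8, count);
  v.setUint32(12, recordSize);
  v.setUint16(MLUC_HEADER, 0x656e);     // 'en'
  v.setUint16(MLUC_HEADER + 2, 0x5553); // 'US'
  v.setUint32(MLUC_HEADER + 4, 10);     // string length
  v.setUint32(MLUC_HEADER + 8, 28);     // string offset, just past the table
  return buf;
}
```

Feeding a 28-byte buffer with count 500 and record size 0 to the unchecked parser yields 500 copies of the same record, while the checked parser rejects it before allocating anything.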

Remediation

Users are advised to upgrade ExifReader to version 4.39.0 or higher.

Added: May 19, 2026, 7:20 AM
Updated: May 19, 2026, 7:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 8.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.