iccDEV: HBO in CTiffImg::WriteLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine(). The issue is observable under AddressSanitizer as an out-of-bounds heap read when running iccSpecSepToTiff on a malicious .icc + .tif pair, leading to a crash during TIFF strip writing. This issue has been patched in version 2.3.1.6.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

堆缓冲区溢出

iccDEV 安全漏洞

iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.6之前版本存在安全漏洞，该漏洞源于处理特制ICC配置文件和TIFF输入时存在堆缓冲区溢出，可能导致越界读取和进程崩溃。

N/A

N/A