Xsscx

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition exists in IccProfLib/IccIO.cpp due to an implicit conversion from a negative signed integer to `size t` (unsigned), which alters the value. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) exists in the `icAnsiToUtf8()` function within the XML conversion path. This issue is triggered by a crafted ICC profile that causes `icAnsiToUtf8(std::string&, char const*)` to treat an input buffer as a C-string and perform operations relying on `strlen()` and null-termination. AddressSanitizer reports an out-of-bounds read of size 115 past a 114-byte heap allocation, observed when running the `iccToXml` tool. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description ccDEV is a set of libraries and tools for working with ICC color management profiles. A crafted ICC profile can trigger Undefined Behavior (UB) via a null-pointer member call in `CIccCombinedConnectionConditions::CIccCombinedConnectionConditions()`. This issue is reachable when running `iccApplyNamedCmm` with the -PCC option using a malformed .icc profile. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a crafted input profile. Under UndefinedBehaviorSanitizer, the issue is reported as invalid left shift operations on `icUInt32Number` (unsigned 32-bit) where the shifted value “cannot be represented” in that type. Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions prior to 2.3.1.6 contain an Undefined Behavior (UB) issue in the `IccTagLut.cpp` file. The code performs member access through a null pointer of type `CIccApplyCLUT`. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions prior to 2.3.1.6 contain a stack-buffer-overflow (SBO) in the `CIccTagFixedNum<>::GetValues()` function, triggered through a related bug chain involving `CIccTagStruct::GetElemNumberValue()`. This results in a write of size 4 overflowing a 4-byte stack variable (`rv`). Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides libraries and tools for working with ICC color management profiles. A manipulated ICC profile can trigger a stack overflow in `SIccCalcOp::ArgsUsed()`. The issue occurs when `iccApplyProfiles` processes a malicious profile, specifically during argument usage calculation for underflow/overflow checks. This issue was addressed in version 2.3.1.6. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description ccDEV is a set of libraries and tools for working with ICC color management profiles. A crafted ICC profile can trigger a heap-buffer-overflow in the `icMemDump()` function when `iccDumpProfile` attempts to dump or describe malformed tag contents. This issue is observable under AddressSanitizer as an out-of-bounds heap read in `icMemDump()` at IccProfLib/IccUtil.cpp:1002, reachable via `CIccTagUnknown::Describe()`. Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in the `IccUtil.cpp` file can be triggered by a crafted ICC profile when running `iccDumpProfile`. Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions prior to 2.3.1.6 contain an Undefined Behavior (UB) condition in the XML conversion tooling path (`iccToXml`) due to an implicit conversion from a negative signed integer to `icUInt32Number` (unsigned 32-bit), which alters the value. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a manipulated ICC profile can trigger a heap-buffer-overflow in `CIccMpeSpectralMatrix::Describe()`. The issue is observable as an out-of-bounds heap read when running `iccDumpProfile` on a malicious profile. Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A null-pointer dereference (NPD) in the `CIccTagLut16::Write()` function can occur when processing a crafted ICC profile embedded in a TIFF file and extracted during `iccTiffDump`. Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a defect exists in the LUT dump/iteration logic affecting the `CIccCLUT::Iterate()` function and output produced by `CIccMBB::Describe()` via CLUT dumping. Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. A heap-buffer-overflow (HBO) in the `CIccApplyCmmSearch::costFunc()` function can be triggered via malformed JSON configuration input to the `iccApplySearch` tool. AddressSanitizer reports an out-of-bounds READ of size 8 originating from `CIccApplyCmmSearch::costFunc(CIccSearchVec&)` at IccProfLib/IccCmmSearch.cpp:112:5. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides libraries and tools for working with ICC color management profiles. Before version 2.3.1.6, a manipulated ICC profile can trigger Undefined Behavior (UB) in the `CIccCalculatorFunc::ApplySequence()` function due to invalid enum values being loaded for `icChannelFuncSignature`. This results in a type/enum value confusion scenario during ICC profile processing. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A crafted ICC profile can trigger a segmentation fault (SEGV) in the `CIccTagArray::Cleanup()` function, leading to a process crash when running `iccRoundTrip` on a malicious profile. The issue is observable under UBSan/ASan as misaligned member access and misaligned pointer loads followed by an invalid read. Recommendations Update to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description ccDEV, a set of libraries and tools for working with ICC color management profiles, is susceptible to a flaw where a crafted ICC profile can trigger Undefined Behavior (UB) in the `CIccOpDefEnvVar::Exec()` function. This occurs due to invalid enum values being loaded for `icSigCmmEnvVar`. The issue is observable under UBSan as a “load of value … not a valid value for type icSigCmmEnvVar”, indicating an invalid enum/type value being consumed during ICC profile processing. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow in `CTiffImg::WriteLine()`. The issue is observable as an out-of-bounds heap read when running `iccSpecSepToTiff` on a malicious .icc + .tif pair, leading to a crash during TIFF strip writing. Recommendations Versions prior to 2.3.1.6 should be updated to version 2.3.1.6 or later.

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.6 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A crafted ICC profile can trigger a stack-buffer-overflow (SBO) in `CIccCalculatorFunc::Apply()` when processed via iccApplyNamedCmm. The issue is reachable through the MPE calculator / curve set initialization path. The failure is reported as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873 under AddressSanitizer. Recommendations Update to version 2.3.1.6 or later.

**Name of the Vulnerable Software and Affected Versions** iccDEV versions prior to 2.3.1.5 **Description** iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap-based buffer overflow exists in the `icCurvesFromXml()` function, potentially leading to heap memory corruption or a crash. **Recommendations** Update to version 2.3.1.5 or later.