PT-2023-30109 · International Color Consortium · International Color Consortium Demoiccmax

David Hoyt

Published

2023-10-23

Updated

2024-01-09

CVE-2023-46603

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions International Color Consortium DemoIccMAX version 79ecb74 libIccProfLib2 version 2.1.15

Description There is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. This issue can be triggered by processing a maliciously crafted ICC Color Profile.

Recommendations For International Color Consortium DemoIccMAX version 79ecb74, consider disabling the CIccPRMG::GetChroma function until a patch is available. For libIccProfLib2 version 2.1.15, restrict the use of the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2023-46603

Affected Products

International Color Consortium Demoiccmax

CVE-2023-46603

Weakness Enumeration

Related Identifiers

Affected Products

References · 8