CVE-2023-46867

Name of the Vulnerable Software and Affected Versions libIccProfLib2 version 2.1.15 International Color Consortium DemoIccMAX version 79ecb74

Description The issue is related to a NULL pointer dereference in the CIccXformMatrixTRC::GetCurve method within the IccCmm.cpp file. This occurs when processing a maliciously crafted input. The GetCurve method is part of the CIccXformMatrixTRC class. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For libIccProfLib2 version 2.1.15, consider disabling the CIccXformMatrixTRC::GetCurve method until a patch is available. For International Color Consortium DemoIccMAX version 79ecb74, restrict access to the IccCmm.cpp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.