Vigil@nce: Little CMS, denial of service via monochrome
May 2009 by Vigil@nce
An image with a malicious ICC profile causes a NULL pointer dereference in Little CMS.
Consequences: denial of service of client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 11/05/2009
Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Little CMS (lcms, Color Management System) library handles images.
The ICC (International Color Consortium) profile defines color variations needed by each device in order to display identical colors. Some image types, such as JPEG or PNG, can contain ICC profiles.
The cmsBuildGrayOutputMatrixShaper() function of the src/cmsxform.c file of Little CMS reads the monochrome ICC profile of an image. When the profile is invalid, the cmsReadICCGamma() function returns a NULL pointer, which is dereferenced in cmsBuildGrayOutputMatrixShaper().
An attacker can therefore invite the victim to open a malicious image in an application using a monochrome display, in order to stop the application.
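The missing check described above, as an added example (not Little CMS code and not part of the advisory): a minimal reader for an ICC `curv` tag that returns NULL on malformed input, and a caller that tests the result before using it. The names `gamma_t`, `read_gamma`, `build_gray_shaper` and the sample tags are hypothetical, and the sketch treats an empty curve as invalid for simplicity.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed gamma table (not an lcms type). */
typedef struct { uint32_t n; uint16_t *v; } gamma_t;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse an ICC 'curv' tag: "curv", 4 reserved bytes, uint32 count, count * uint16.
   Returns NULL on malformed input, as the advisory says the gamma reader does.
   Simplification (assumption of this sketch): an empty curve is rejected too. */
gamma_t *read_gamma(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 12 || memcmp(buf, "curv", 4) != 0) return NULL;
    uint32_t n = be32(buf + 8);
    if (n == 0 || n > (len - 12) / 2) return NULL;   /* truncated or oversized count */
    gamma_t *g = malloc(sizeof *g);
    if (g == NULL) return NULL;
    g->v = malloc(n * sizeof *g->v);
    if (g->v == NULL) { free(g); return NULL; }
    g->n = n;
    for (uint32_t i = 0; i < n; i++)
        g->v[i] = (uint16_t)((buf[12 + 2 * i] << 8) | buf[13 + 2 * i]);
    return g;
}

/* Hardened caller: tests the result before use and fails closed.
   The flawed pattern is this same function without the NULL test,
   reading g->n straight from the returned pointer.
   Returns the number of curve entries, or -1 if the profile is rejected. */
int build_gray_shaper(const uint8_t *tag, size_t len) {
    gamma_t *g = read_gamma(tag, len);
    if (g == NULL) return -1;          /* invalid profile: refuse, do not dereference */
    int entries = (int)g->n;
    free(g->v);
    free(g);
    return entries;
}

/* Constructed sample tags (not taken from any real image). */
static const uint8_t GOOD_TAG[] = { 'c','u','r','v', 0,0,0,0, 0,0,0,2, 0x00,0x00, 0xFF,0xFF };
static const uint8_t BAD_TAG[]  = { 'c','u','r','v', 0,0,0,0, 0,0,1,0, 0x00,0x00 }; /* claims 256 entries */

int main(void) {
    return (build_gray_shaper(GOOD_TAG, sizeof GOOD_TAG) == 2 &&
            build_gray_shaper(BAD_TAG, sizeof BAD_TAG) == -1) ? 0 : 1;
}
```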
Identifiers: CVE-2009-0793, FEDORA-2009-3425, FEDORA-2009-3426, FEDORA-2009-3914, FEDORA-2009-3967, VIGILANCE-VUL-8700