Vigil@nce: Little CMS, denial of service via monochrome
May 2009 by Vigil@nce
An image with a malicious ICC profile dereferences a NULL pointer
in Little CMS.
– Severity: 1/4
– Consequences: denial of service of client
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 11/05/2009
IMPACTED PRODUCTS
– Fedora
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Little CMS (lcms, Color Management System) library handles
images.
The ICC (International Color Consortium) profile defines color
variations needed by each device in order to display identical
colors. Some image types, such as JPEG or PNG, can contain ICC
profiles.
The cmsBuildGrayOutputMatrixShaper() function of the
src/cmsxform.c file of Little CMS reads the monochrome ICC profile
of an image. When the profile is invalid, the cmsReadICCGamma()
function returns a NULL pointer, which is dereferenced in
cmsBuildGrayOutputMatrixShaper().
An attacker can therefore invite the victim to open a malicious
image in software using a monochrome display, in order to stop
the application.
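The defensive pattern for the flaw described above, as an added example that is not Little CMS source code: a reader that returns NULL for an invalid curve, and a caller that checks that result before using it. The names read_gray_curve, gray_shaper_eval and gamma_t are hypothetical, and the gray curve is assumed to be stored as an ICC curveType element.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a gamma table; not the lcms structure. */
typedef struct { uint32_t n; uint16_t v[]; } gamma_t;

/* Parse an ICC curveType element: "curv", 4 reserved bytes, big-endian
 * uint32 count, then count big-endian uint16 samples. Returns NULL for
 * invalid input. Simplification: only sampled curves (count >= 2). */
gamma_t *read_gray_curve(const uint8_t *tag, size_t len) {
    if (tag == NULL || len < 12 || memcmp(tag, "curv", 4) != 0) return NULL;
    uint32_t n = ((uint32_t)tag[8] << 24) | ((uint32_t)tag[9] << 16) |
                 ((uint32_t)tag[10] << 8) | (uint32_t)tag[11];
    if (n < 2 || n > (len - 12) / 2) return NULL;  /* count exceeds the data */
    gamma_t *g = malloc(sizeof *g + (size_t)n * sizeof g->v[0]);
    if (g == NULL) return NULL;
    g->n = n;
    for (size_t i = 0; i < n; i++)
        g->v[i] = (uint16_t)((tag[12 + 2 * i] << 8) | tag[13 + 2 * i]);
    return g;
}

/* Hardened caller: map a 16-bit gray value through the curve by linear
 * interpolation. Returns 0 and sets *out, or -1 when the curve is invalid.
 * The flaw described above is this call sequence without the NULL check. */
int gray_shaper_eval(const uint8_t *tag, size_t len, uint16_t in, uint16_t *out) {
    gamma_t *g = read_gray_curve(tag, len);
    if (g == NULL) return -1;           /* reject the profile, never dereference */
    uint64_t pos = (uint64_t)in * (g->n - 1);      /* index scaled by 65535 */
    uint32_t i = (uint32_t)(pos / 65535), frac = (uint32_t)(pos % 65535);
    int64_t lo = g->v[i], hi = g->v[i + 1 < g->n ? i + 1 : i];
    *out = (uint16_t)(lo + (hi - lo) * frac / 65535);
    free(g);
    return 0;
}

/* Constructed sample tags, not taken from any real profile. */
static const uint8_t VALID_CURVE[] = {'c','u','r','v', 0,0,0,0, 0,0,0,2, 0x00,0x00, 0xFF,0xFF};
static const uint8_t BAD_COUNT[]   = {'c','u','r','v', 0,0,0,0, 0,0,0x10,0, 0x00,0x00};

int main(void) {
    uint16_t out = 0;
    printf("valid: %d\n", gray_shaper_eval(VALID_CURVE, sizeof VALID_CURVE, 32768, &out));
    printf("bad count: %d\n", gray_shaper_eval(BAD_COUNT, sizeof BAD_COUNT, 32768, &out));
    return 0;
}
```

An application receiving -1 can skip the embedded profile or refuse the image instead of terminating.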
CHARACTERISTICS
– Identifiers: CVE-2009-0793, FEDORA-2009-3425, FEDORA-2009-3426,
FEDORA-2009-3914, FEDORA-2009-3967, VIGILANCE-VUL-8700
– Url: http://vigilance.fr/vulnerability/Little-CMS-denial-of-service-via-monochrome-8700