Category: C++
-
Color Profile Injection (CPI)
tl;dr: Color Profile Injection is due to untrusted inputs within color profile blobs. Why? Color profiles rely on offset and length fields, enabling crafted profile data to corrupt neighboring structures. Color Profile Injection Background Color Profile Injection (CPI) occurs because user-controllable inputs can corrupt a color profile binary layout. Resulting impact includes memory corruption, logic…
-
CVE-2024-38427 – Profile Bleed
A logic flaw existed in the CIccTagXmlProfileSequenceId::ParseXml function of the DemoIccMAX Project where the function unconditionally returned false and has been assigned CVE-2024-38427.
You must be logged in to post a comment.