4.40.4: ICC profile parsing hardening

@mattiasw mattiasw released this 03 Jun 14:18
· 20 commits to main since this release

Fixed

  • Malformed ICC profiles whose declared length is too small to hold the tag
    table, or that contain a tag offset pointing past the end of the profile,
    now return the header tags parsed so far instead of nothing. Three internal
    bounds checks compared against the wrong length value and never fired, so
    parsing ran past the end of such a profile and all tags were discarded.

Security

  • Prevent a denial-of-service (excessive memory use) from crafted ICC mluc
    tags by bounding the decoded text to each tag's bounds and the total profile
    size.
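
The kind of bounding the two items above describe, as an added example that is not the project's own code: a parser for the ICC `mluc` tag layout that clamps every read to the tag and to the smaller of the declared profile length and the real buffer. The names `parseMluc` and `buildSample`, the cumulative byte budget, and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example, not the project's code. ICC 'mluc' layout (big-endian):
// sig 'mluc'(4) reserved(4) recordCount(u32) recordSize(u32), then records of
// language(2) country(2) byteLength(u32) offset(u32, relative to tag start).
function parseMluc(view, tagOffset, tagSize, profileLength) {
  // Never trust the declared length alone: clamp to the real buffer as well.
  const limit = Math.min(profileLength, view.byteLength);
  const tagEnd = Math.min(tagOffset + tagSize, limit);
  if (tagOffset < 0 || tagOffset + 16 > tagEnd) return [];
  if (view.getUint32(tagOffset) !== 0x6d6c7563) return []; // 'mluc'
  const count = view.getUint32(tagOffset + 8);
  const recordSize = view.getUint32(tagOffset + 12);
  if (recordSize < 12) return [];
  let budget = limit; // assumption: total decoded bytes capped at profile size
  const records = [];
  for (let i = 0; i < count; i++) {
    const rec = tagOffset + 16 + i * recordSize;
    if (rec + 12 > tagEnd) break; // record table leaves the tag: keep what we have
    const length = view.getUint32(rec + 4);
    const start = tagOffset + view.getUint32(rec + 8);
    if (start > tagEnd || length > tagEnd - start) continue; // string leaves the tag
    if (length > budget) break; // overlapping records cannot amplify memory use
    budget -= length;
    let text = '';
    for (let p = start; p + 1 < start + length; p += 2) {
      text += String.fromCharCode(view.getUint16(p)); // one UTF-16BE code unit
    }
    const language = String.fromCharCode(view.getUint8(rec), view.getUint8(rec + 1));
    records.push({ language, text });
  }
  return records;
}

// Constructed sample: a 44-byte tag with two records that both point at "Hi".
// lyingLength is the byte length the second record claims for its string.
function buildSample(lyingLength) {
  const view = new DataView(new ArrayBuffer(16 + 24 + 4));
  view.setUint32(0, 0x6d6c7563); view.setUint32(8, 2); view.setUint32(12, 12);
  [[16, 0x656e, 4], [28, 0x7376, lyingLength]].forEach(([rec, lang, len]) => {
    view.setUint16(rec, lang); view.setUint32(rec + 4, len); view.setUint32(rec + 8, 40);
  });
  view.setUint16(40, 0x48); view.setUint16(42, 0x69); // "Hi"
  return view;
}
```

A record whose claimed length exceeds the tag is skipped while earlier records are still returned, and an inflated record count stops at the end of the tag instead of driving the loop.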

Full Changelog: v4.40.3...v4.40.4