Skip to content

TC in CIccCmm::AddXform() at IccCmm.cpp:8320 #613

New issue
New issue
Closed
Report
Closed
TC in CIccCmm::AddXform() at IccCmm.cpp:8320#613
Report
Assignees
ChrisCoxArt
Labels
BugBug ReportTriagedMaintainer indicates triaged status and ready for developer handofflibFuzzerlibFuzzer Related
@xsscx

Description

@xsscx
xsscx
opened on Feb 23, 2026

Maintainer Repro

2026-02-23 14:34:43 UTC

Git Testing

8cfeaec (HEAD -> master, origin/master, origin/HEAD) Add: Dockerfiles & Workflows (Add: Dockerfiles for Packages #597)
43ae18d (HEAD -> master, origin/master, origin/HEAD) Fix: SIO in bool parse3DTable() (#611)

Step 1. wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/tif/test_8x8.tif

Step 2. wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/huaf-CIccCmm-AddXform-IccCmm_cpp-Line8320.icc

Step 3. iccApplyProfiles test_8x8.tif /tmp/out.tif 2 1 0 0 0 huaf-CIccCmm-AddXform-IccCmm_cpp-Line8320.icc 0

PoC Expected Output

IccProfLib/IccCmm.cpp:8320:17: runtime error: member access within address 0x511000000180 which does not point to an object of type 'CIccProfile'
0x511000000180: note: object has invalid vptr
 00 00 00 00  dc 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior

Metadata

Metadata

Assignees

Labels

BugBug ReportTriagedMaintainer indicates triaged status and ready for developer handofflibFuzzerlibFuzzer Related

Type

Report

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions