@ChrisCoxArt
Contributor

Fixes #448

Pull Request Checklist

  • Have you followed the guidelines in Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you built your Pull Request locally with the Build Instructions?
  • Have you added or updated relevant tests?
  • Have you added or updated relevant docs?

@ChrisCoxArt requested a review from xsscx as a code owner on January 6, 2026 21:29
@xsscx self-assigned this on Jan 6, 2026
@xsscx added the labels Bug (Bug Report) and Review in Process (PR being Reviewed by Maintainers) on Jan 6, 2026
Member

@xsscx left a comment

Repro

Tue Jan 6 16:36:33 EST 2026

8156d5e
8156d5e (HEAD -> pr-451, origin/issue-448) fix typo so we check for a NULL character instead of a NULL pointer
Testing % ../Build/Tools/IccFromXml/iccFromXml CVE-2024-38427-public-domain-example-proof-of-concept-poc-buffer-overflow.xml oops.icc

Expected Output

Profile parsed.  Profile is invalid, but saved correctly
Warning! - Unknown 'HOYT' = 484F5954: Unknown platform signature.
Warning! - Major version number (66) is unexpected.
Warning! - Unknown 'hoyt' = 686F7974: Unregistered CMM signature.
NonCompliant! - profileDescriptionTag textDescriptionType: Invalid tag type (Might be critical!).
NonCompliant! - copyrightTag textType: Invalid tag type (Might be critical!).
NonCompliant! - deviceModelDescTag textDescriptionType: Invalid tag type (Might be critical!).
NonCompliant! - deviceMfgDescTag textDescriptionType: Invalid tag type (Might be critical!).

@xsscx added the labels Merged (Merged) and Pending Merge (Maintainer indicates Merge Pending and requests no further changes), and removed the labels Review in Process (PR being Reviewed by Maintainers) and Merged (Merged), on Jan 6, 2026
@xsscx changed the title from "fix typo so we check for a NULL character instead of a NULL pointer" to "Fix: HBO in CIccProfileXml::ParseBasic() at IccXML/IccLibXML/IccProfileXml.cpp" on Jan 6, 2026
@xsscx merged commit d9cfc7f into master on Jan 6, 2026
24 checks passed
@xsscx added the label Merged (Merged) and removed the label Pending Merge (Maintainer indicates Merge Pending and requests no further changes) on Jan 6, 2026
@xsscx added the label CVE Requested (Maintainer indicates a CVE has been Requested) on Jan 7, 2026
@xsscx
Member

xsscx commented Jan 7, 2026

GHSA-7v4q-mhr2-hj7r

@xsscx added the label Security (Security Related) on Jan 8, 2026
Development

Successfully merging this pull request may close these issues.

HBO in CIccProfileXml::ParseBasic() at IccXML/IccLibXML/IccProfileXml.cpp:361:23

3 participants