VYPR
Unrated severity · NVD Advisory · Published Apr 14, 2021 · Updated Jan 26, 2026

CVE-2021-28855

Description

In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Deark before 1.5.8, a specially crafted PICT file triggers a NULL pointer dereference in dbuf_write, causing a denial of service.

Vulnerability

A NULL pointer dereference vulnerability exists in Deark versions before 1.5.8. The flaw resides in the dbuf_write function within src/deark-dbuf.c. When processing a specially crafted PICT file, the code path do_iccprofile_item -> dbuf_copy -> dbuf_write is reached without verifying that the d->iccprofile_file pointer is non-NULL, leading to a NULL pointer dereference [1][2].

Exploitation

An attacker can exploit this vulnerability by providing a malicious PICT file to a user of Deark. No special network position or authentication is required; the victim only needs to open the file with Deark. The crafted PICT file contains a malformed ICC profile segment that causes d->iccprofile_file to be NULL. When Deark processes the file, the NULL pointer dereference occurs in dbuf_write, resulting in a crash [1].

Impact

Successful exploitation results in a denial of service (application crash) due to the NULL pointer dereference. There is no indication of arbitrary code execution or information disclosure. The crash occurs in the dbuf_write function, terminating the Deark process.

Mitigation

The vulnerability is fixed in Deark version 1.5.8. The fix, introduced in commit [2], adds a check for d->iccprofile_file being NULL before calling dbuf_copy. Users should upgrade to version 1.5.8 or later. No workarounds are available for earlier versions.
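
A simplified C model of the fix pattern described above, added here as an illustration and not taken from Deark's source. All struct and function names are hypothetical, and the model assumes the output object is created by an earlier segment, so a continuation segment that arrives first finds the pointer NULL.

```c
/* Simplified model of the bug class; not Deark source. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct outbuf { unsigned char data[64]; size_t len; };  /* stands in for an output dbuf */
struct ctx { struct outbuf *profile_out; };  /* assumed NULL until a first segment opens it */

/* Low-level append: dereferences f unconditionally, so f == NULL faults here. */
int outbuf_write(struct outbuf *f, const unsigned char *p, size_t n)
{
    if (n > sizeof f->data - f->len) return -1;  /* refuse to overrun the buffer */
    memcpy(f->data + f->len, p, n);
    f->len += n;
    return 0;
}

/* First segment: allocate the output object (returns -1 on allocation failure). */
int begin_profile(struct ctx *c)
{
    c->profile_out = calloc(1, sizeof *c->profile_out);
    return c->profile_out ? 0 : -1;
}

/* Before: a continuation segment seen first passes NULL down to outbuf_write. */
int item_unchecked(struct ctx *c, const unsigned char *p, size_t n)
{
    return outbuf_write(c->profile_out, p, n);
}

/* After: validate parser state at the call site and drop the bad segment. */
int item_checked(struct ctx *c, const unsigned char *p, size_t n)
{
    if (!c->profile_out) return -1;
    return outbuf_write(c->profile_out, p, n);
}

int main(void)
{
    struct ctx c = { NULL };
    const unsigned char seg[4] = { 1, 2, 3, 4 };  /* constructed sample bytes */
    printf("continuation before start: %d\n", item_checked(&c, seg, sizeof seg));
    if (begin_profile(&c) != 0) return 1;
    printf("continuation after start:  %d\n", item_checked(&c, seg, sizeof seg));
    free(c.profile_out);
    return 0;
}
```

The check sits in the caller because only the caller knows the missing object means malformed input; the write helper cannot tell a bad file from a programming error.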

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Deark/Deark (description)
  • Deark/Deark (llm-create)
    Range: <1.5.8

References

3