International Color Consortium
Members
Getting Started
V4
iccMAX
Making color seamles between devices and documents
ICC Specifications
Technical Notes
ICC Resource Center
ICC Slide Presentation
ICC Logos
Information on Profiles
ICC White Papers
Color Management Links
Member List
ICC Working Groups
FAQ
Forum
Home
Got a question about ICC Profiles or colour management?

Profile security

A v4 ICC profile contains no executable code, but it is still important that developers of profile creation tools and CMMs are aware of problems that could arise from badly-formed profiles.

ICC has defined three priorities for profile security:

  1. Creating and providing tools to identify vulnerabilities
  2. Setting up a process to report and discuss vulnerabilities
  3. Actively engaging in the security process.

Process
In the interests of protecting the colour management community from potential security problems, all interested parties are encouraged to send examples, comments, and problems to the Technical Secretary. Where relevant, such cases will be reported to the colour management community through the ICC web site.

Engagement
ICC is committed to giving more attention to this issue. Information on vulnerabilities and how to avoid them will be posted here, together with information about tools to help developers identify vulnerabilities.


Profile scanning
ICC has developed a tool to scan ICC profiles (RGB and CMYK input, output, display and colorspace) in order to find possible exploits. It identifies whether the profile is corrupted in a suspicious way.

The tool is available to ICC members. Vendors of profiling software, and organisations providing profiles to the colour management community, can upload profiles to ICC and receive a confidential report on any issues detected.

Please report any comments or issues to the ICC Technical Secretary.


Android lock screen bug
A rounding error in Java caused smartphones running a version of the Android OS to freeze when an auto-generated ICC profile was embedded in a lockscreen image. For more information, see here.


Malformed profiles
ICC maintains an archive of malformed profiles, with both critical and non-critical errors, for the purpose of testing workflow components.

A selection of these profiles can be found here.

For more information about any aspect of profile security please contact the ICC Technical Secretary.