iccDEV Out-of-Bounds Read Vulnerability in CIccProfile::LoadTag Function

Vulnerability

An out-of-bounds read, involving use of an out-of-range pointer offset and improper input validation, has been identified in the iccDEV library in versions through 2.3.1.1. The issue is in the CIccProfile::LoadTag function and can be triggered by processing a malformed ICC color management profile. It has been addressed in version 2.3.1.2.

Impact

Exploitation of this vulnerability leads to undefined behavior, causing a runtime error and a potential out-of-memory condition.

Reproduction

The vulnerability can be reproduced by using libFuzzer to fuzz the CIccTagText::Read() method, which triggers the out-of-bounds read. This can be done by creating a malformed ICC profile that exploits the improper input validation in the LoadTag function.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 to address this vulnerability.
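
For applications that accept untrusted profiles, the sketch below shows the kind of tag-table bounds check that rejects out-of-range tag offsets before a profile reaches the parser. It is an added example, not iccDEV code and not the 2.3.1.2 fix, and the page does not establish that it covers this specific defect. The names checkTagTable, TagCheck and makeSample are hypothetical, and the sample profile is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example with hypothetical names. Layout per the ICC profile format:
// 128-byte header (profile size in bytes 0-3), 4-byte tag count, then
// 12-byte entries (signature, offset, size); all fields big-endian.
enum class TagCheck { Ok, Truncated, BadSize, BadCount, TagOutOfRange };

static uint32_t be32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

TagCheck checkTagTable(const std::vector<uint8_t>& buf) {
    const uint64_t kHeader = 128, kEntry = 12;
    if (buf.size() < kHeader + 4) return TagCheck::Truncated;
    const uint64_t limit = be32(buf.data());          // declared profile size
    if (limit < kHeader + 4 || limit > buf.size()) return TagCheck::BadSize;
    const uint64_t count = be32(buf.data() + kHeader);
    const uint64_t tableEnd = kHeader + 4 + count * kEntry;  // 64-bit, no wrap
    if (tableEnd > limit) return TagCheck::BadCount;
    for (uint64_t i = 0; i < count; ++i) {
        const uint8_t* e = buf.data() + kHeader + 4 + i * kEntry;
        const uint64_t off = be32(e + 4), len = be32(e + 8);
        // Tag data must start after the table and end inside the profile.
        if (off < tableEnd || off + len > limit) return TagCheck::TagOutOfRange;
    }
    return TagCheck::Ok;
}

// Constructed sample: header, one 'desc' tag entry, 8 bytes of tag data.
std::vector<uint8_t> makeSample(uint32_t tagOffset, uint32_t tagSize) {
    std::vector<uint8_t> b(128 + 4 + 12 + 8, 0);
    auto put = [&b](size_t at, uint32_t v) {
        for (int i = 0; i < 4; ++i) b[at + i] = uint8_t(v >> (24 - 8 * i));
    };
    put(0, uint32_t(b.size()));  // declared profile size
    put(128, 1);                 // tag count
    put(132, 0x64657363);        // signature 'desc'
    put(136, tagOffset);
    put(140, tagSize);
    return b;
}

int main() {
    std::printf("valid: %d\n", int(checkTagTable(makeSample(144, 8))));
    std::printf("oversized: %d\n", int(checkTagTable(makeSample(144, 0xFFFFFFFFu))));
}
```

A check like this complements the upgrade rather than replacing it, since it validates only the tag directory and not the contents of individual tags.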

Added: Jan 6, 2026, 4:19 AM
Updated: Jan 6, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.