International Color Consortium iccDEV Out-of-Bounds Read and Integer Underflow Vulnerability

Vulnerability

A vulnerability allowing an out-of-bounds read and an integer underflow has been identified in the iccDEV library, which is used for managing ICC color profiles. The issue affects versions prior to 2.3.1.1 and lies in the 'SequenceNeedTempReset' function of the 'CIccCalculatorFunc' class. It is triggered by processing a specially crafted ICC profile, which can cause invalid memory access.
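The following C++ block is an added illustration of the bug class named above, not code from iccDEV and not the actual logic of SequenceNeedTempReset (which this page does not show). It models a scan over a sequence of calculator ops whose count comes from the profile: one variant computes its loop bound as nOps - 1, which wraps to SIZE_MAX for an empty sequence and reads past the buffer; the other validates the declared count against the bytes actually present and iterates with a bound that cannot underflow. The CalcOp type, the opcode values and the function names are assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical calculator-op record (assumption: not iccDEV's real type).
struct CalcOp {
    uint16_t opcode;
    uint16_t args;
};

// Hypothetical opcodes standing in for "temporary variable" operations.
constexpr uint16_t OP_TEMP_PUT = 0x01;
constexpr uint16_t OP_TEMP_GET = 0x02;

// Underflow pattern: with size_t nOps == 0, nOps - 1 wraps to SIZE_MAX.
// A loop bounded by `i <= nOps - 1` then runs past the end of the buffer,
// which is the out-of-bounds read the advisory describes.
size_t unsafe_last_index(size_t nOps) {
    return nOps - 1;
}

// Unchecked scan built on that bound: correct for nOps >= 1, reads out of
// bounds for nOps == 0 or when nOps exceeds the ops actually present.
bool sequence_uses_temp_unchecked(const CalcOp* ops, size_t nOps) {
    for (size_t i = 0; i <= unsafe_last_index(nOps); ++i) {
        if (ops[i].opcode == OP_TEMP_PUT || ops[i].opcode == OP_TEMP_GET) return true;
    }
    return false;
}

// Defensive check: the op count read from the profile is untrusted. Reject a
// zero count and any count that does not fit in the bytes that follow it.
// Division (rather than declaredOps * sizeof) avoids a multiplication overflow.
bool validate_op_count(size_t declaredOps, size_t bytesAvailable) {
    if (declaredOps == 0) return false;
    return declaredOps <= bytesAvailable / sizeof(CalcOp);
}

// Checked scan: iterates with `i < n`, which never underflows, and never
// walks beyond the ops the buffer actually holds. `visited` reports how many
// ops were examined so the caller can see which bound was applied.
bool sequence_uses_temp_checked(const std::vector<CalcOp>& ops, size_t declaredOps, size_t* visited) {
    size_t n = std::min(declaredOps, ops.size());
    size_t count = 0;
    bool uses = false;
    for (size_t i = 0; i < n; ++i) {
        ++count;
        if (ops[i].opcode == OP_TEMP_PUT || ops[i].opcode == OP_TEMP_GET) uses = true;
    }
    if (visited) *visited = count;
    return uses;
}

int main() {
    // Constructed sample sequence: one ordinary op followed by a temp op.
    std::vector<CalcOp> ops = {{0x10, 1}, {OP_TEMP_PUT, 0}};
    size_t visited = 0;
    std::printf("last index for 0 ops wraps to %zu\n", unsafe_last_index(0));
    std::printf("declared 2 ops in 8 bytes valid: %d\n", validate_op_count(2, 8));
    std::printf("declared 0 ops valid: %d\n", validate_op_count(0, 8));
    std::printf("checked scan uses temp: %d (visited %zu)\n",
                sequence_uses_temp_checked(ops, 100, &visited), visited);
    return 0;
}
```

The point of the two-layer check is that the count parsed from the file is rejected before any loop runs, and the loop itself is written so that a bad count cannot produce an index outside the buffer even if validation is bypassed elsewhere.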

Impact

Exploitation of this vulnerability causes an out-of-bounds read, which can lead to memory corruption or disclosure of sensitive information. Additionally, the integer underflow can be exploited to manipulate memory operations, potentially causing further memory corruption.

Remediation

Users can upgrade to version 2.3.1.2, where this vulnerability has been fixed.

Added: Jan 6, 2026, 2:17 PM
Updated: Jan 6, 2026, 2:17 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:          0.6
exploitability:  5.1
remediation:     7.7
relevance:       1.9
threat:          3.2
urgency:         2.9
incentive:       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.