iccDEV NULL Pointer Dereference Vulnerability in ToneMap Function Writing
Vulnerability
A NULL pointer dereference vulnerability has been identified in the iccDEV library in versions prior to 2.3.1.2. It occurs in the ToneMap writing process: when a required Luminance Curve or the ToneMap Functions are absent, the write step fails with a runtime error. The issue arises while the library processes ICC color profiles, which makes it potentially exploitable.
Impact
Exploitation of this vulnerability causes a runtime error due to a member call on a null pointer, leading to undefined behavior.
Reproduction
The vulnerability can be reproduced by using the 'iccFromXml' function with an ICC file that lacks the necessary ToneMap Functions or Luminance Curve. This will trigger the NULL pointer dereference when the library attempts to write the ToneMap data.
Remediation
Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been patched.
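The kind of guard that prevents this class of failure, shown as an added example: a simplified model, not iccDEV source and not the actual patch. All type and member names are hypothetical, and the rule of one tone function per output channel is an assumption of the model.

```cpp
// Added illustration: simplified model of a ToneMap-style element writer.
// Not iccDEV code; every name below is hypothetical.
#include <cstdint>
#include <memory>
#include <vector>

struct Curve {                        // stands in for a luminance curve or a tone function
    std::vector<uint16_t> samples;
    void Write(std::vector<uint8_t>& out) const {
        for (uint16_t v : samples) {  // big-endian 16-bit samples
            out.push_back(static_cast<uint8_t>(v >> 8));
            out.push_back(static_cast<uint8_t>(v & 0xFF));
        }
    }
};

struct ToneMapModel {
    std::unique_ptr<Curve> luminance;           // required, but may be absent after parsing
    std::vector<std::unique_ptr<Curve>> funcs;  // required; one per output channel in this model
    uint16_t outputChannels = 0;

    // Every precondition the writer relies on, checked in one place.
    bool IsComplete() const {
        if (!luminance || outputChannels == 0) return false;
        if (funcs.size() != outputChannels) return false;
        for (const auto& f : funcs)
            if (!f) return false;
        return true;
    }

    // Hardened writer: validate first, then serialize into a scratch buffer so a
    // rejected element never leaves partial bytes in the output.
    bool Write(std::vector<uint8_t>& out) const {
        // The unguarded pattern would call luminance->Write() here without a check.
        if (!IsComplete()) return false;
        std::vector<uint8_t> tmp;
        tmp.push_back(static_cast<uint8_t>(outputChannels >> 8));
        tmp.push_back(static_cast<uint8_t>(outputChannels & 0xFF));
        luminance->Write(tmp);
        for (const auto& f : funcs) f->Write(tmp);
        out.insert(out.end(), tmp.begin(), tmp.end());
        return true;
    }
};
```

Rejecting the incomplete element before any member call turns the undefined behavior into an ordinary error return that the caller can report.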
