Primary

Context

iccDEV Type Confusion Vulnerability in XML Curve Serialization

Vulnerability

A type confusion vulnerability has been identified in the iccDEV library, specifically in versions through 2.3.1.1. The issue arises in the 'CIccSingleSampledeCurveXml' class during the serialization of XML curves. This vulnerability allows for improper handling of data types, which could potentially be exploited under certain conditions.

Impact

Exploitation of this vulnerability leads to undefined behavior, with the potential for memory corruption.

Reproduction

The vulnerability can be reproduced by using the 'CIccSingleSampledeCurveXml' class to parse an ICC file that includes a 'SingleSampledCurve' element. This can be done by calling the 'ParseXml' method with the appropriate XML node and parsing string. The type confusion will trigger a runtime error, as the downcasted object does not match the expected type.

Remediation

Users can upgrade to version 2.3.1.2 or later to address this vulnerability.

Added: Jan 6, 2026, 3:17 PM

Updated: Jan 6, 2026, 3:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

7.7

relevance

1.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

7.7

relevance

1.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV Type Confusion Vulnerability in XML Curve Serialization

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating