iccDEV NULL Pointer Dereference Vulnerability in Unknown Tag Parser
Vulnerability
A NULL pointer dereference vulnerability has been identified in the iccDEV library, which is used for managing ICC color profiles. This issue exists in versions prior to 2.3.1.2 and arises in the unknown tag parser, where the parser attempts to process a node that can be NULL, leading to a crash. The vulnerability has been patched in version 2.3.1.2.
Impact
Exploitation of this vulnerability causes a segmentation fault due to a NULL pointer dereference, which can lead to a crash of the application using the iccDEV library.
Reproduction
The vulnerability can be reproduced by parsing an ICC profile XML file that triggers the unknown tag parser to dereference a NULL node. This can be done using the 'iccFromXml' tool included in the iccDEV distribution, with a crafted XML file that simulates the conditions leading to the NULL dereference.
Remediation
Users can upgrade to iccDEV version 2.3.1.2 or later to address this vulnerability.
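The class of bug described above, shown in its guarded form as an added example. This is not iccDEV code and not the actual patch: the `Node` struct, the `Data` element name and `parse_unknown_tag` are hypothetical stand-ins for an XML tree API. Every node that can be absent is checked before it is dereferenced, so a missing or empty payload element becomes a parse error instead of a crash.

```cpp
#include <cctype>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed stand-in for an XML tree node; not an iccDEV or libxml2 type.
struct Node {
    const char *name;     // element name, NULL for text nodes
    const char *content;  // text, NULL for element nodes
    const Node *children; // first child, NULL when the element is empty
    const Node *next;     // next sibling, NULL at the end of the list
};

enum class Parse { Ok, MissingNode, BadHex };

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// Decode the hex payload of an unknown tag, rejecting absent nodes up front.
Parse parse_unknown_tag(const Node *tag, std::vector<std::uint8_t> &out) {
    out.clear();
    if (!tag) return Parse::MissingNode;              // caller found no tag node
    const Node *data = tag->children;
    while (data && !(data->name && std::strcmp(data->name, "Data") == 0))
        data = data->next;
    if (!data) return Parse::MissingNode;             // no payload element
    const Node *text = data->children;
    if (!text || !text->content) return Parse::MissingNode; // empty element
    int hi = -1;                                      // pending high nibble
    for (const char *p = text->content; *p; ++p) {
        if (std::isspace(static_cast<unsigned char>(*p))) continue;
        int v = hexval(*p);
        if (v < 0) return Parse::BadHex;
        if (hi < 0) hi = v;
        else { out.push_back(static_cast<std::uint8_t>(hi << 4 | v)); hi = -1; }
    }
    return hi < 0 ? Parse::Ok : Parse::BadHex;        // odd digit count is malformed
}

int main() {
    // Constructed input: a payload element with no text child.
    Node empty{"Data", nullptr, nullptr, nullptr};
    Node tag{"Tag", nullptr, &empty, nullptr};
    std::vector<std::uint8_t> bytes;
    return parse_unknown_tag(&tag, bytes) == Parse::MissingNode ? 0 : 1;
}
```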
