Primary

Context

iccDEV NULL Pointer Dereference Vulnerability in XML Tag Parser

Vulnerability

A NULL pointer dereference vulnerability has been identified in iccDEV versions prior to 2.3.1.2. The issue arises in the XML tag parser, where the code fails to properly check for NULL values before accessing node properties. This flaw can lead to runtime errors and potential application crashes.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application processing the affected ICC color profile.

Reproduction

The vulnerability can be reproduced by using the 'iccFromXml' tool with an XML file that includes an 'Array' tag. The 'ParseXml' function in 'IccTagXml.cpp' will attempt to dereference a NULL pointer, causing a segmentation fault.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later to address this vulnerability.

Added: Jan 7, 2026, 7:21 PM

Updated: Jan 7, 2026, 7:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

1.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

1.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV NULL Pointer Dereference Vulnerability in XML Tag Parser

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating