Volerion logoVolerion
Volerion logoVolerion

iccDEV Heap Buffer Overflow Vulnerability in ToneMap Parser

Vulnerability

A heap buffer overflow vulnerability has been identified in the iccDEV library, specifically in versions prior to 2.3.1.2. The issue arises in the ToneMap parser, where improper handling of data can lead to memory corruption.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by processing a specially crafted ICC color profile using the iccDEV library. This can be done with the 'iccDumpProfile' tool included in the iccDEV repository. The tool should be used to validate a profile that triggers the buffer overflow, such as one with specific Multi-Process Element (MPE) data that the ToneMap parser mishandles.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later to address this vulnerability.

Added: Jan 7, 2026, 7:19 PM
Updated: Jan 7, 2026, 7:19 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
2.5
exploitability
5.8
remediation
7.7
relevance
1.9
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.