iccDEV Undefined Behavior Vulnerability Leading to Runtime Error

Vulnerability

A vulnerability in the iccDEV library, affecting versions prior to 2.3.1.2, allows for undefined behavior that results in a runtime error. This issue arises when processing International Color Consortium (ICC) color profiles, where certain invalid numeric values, such as NaN (Not a Number), can cause the application to crash. The vulnerability requires user interaction to be exploited.

Impact

Exploitation of this vulnerability causes a runtime error, with the application crashing after displaying a warning about an invalid numeric value. This issue disrupts the normal operation of the software, particularly when handling ICC color profiles.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later, where this vulnerability has been patched.

Added: Jan 7, 2026, 9:24 PM
Updated: Jan 7, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 1.9
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.