Primary

Context

iccDEV Heap-Based Buffer Overflow Vulnerability in SIccCalcOp::Describe()

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the iccDEV library, specifically in the SIccCalcOp::Describe() function within the IccProfLib/IccMpeCalc.cpp file. This vulnerability affects versions prior to 2.3.1.2 and can be exploited by users processing International Color Consortium (ICC) color profiles.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, which can commonly result in arbitrary code execution or a crash of the application.

Reproduction

The vulnerability can be reproduced by using the 'iccToXml' tool included in the iccDEV library. This tool can be used to process an ICC file that triggers the buffer overflow. The AddressSanitizer, a memory error detection tool, can be used to identify the heap-buffer-overflow error while the 'iccToXml' tool is running.

Remediation

Users can upgrade to iccDEV version 2.3.1.2 or later to address this vulnerability.

Added: Jan 13, 2026, 9:43 PM

Updated: Jan 13, 2026, 9:43 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

7.7

relevance

2.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

7.7

relevance

2.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV Heap-Based Buffer Overflow Vulnerability in SIccCalcOp::Describe()

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating