Primary

Context

iccDEV Heap-Based Buffer Overflow Vulnerability in CIccCalculatorFunc

Vulnerability

A heap-based buffer overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.5. This issue, located in the CIccCalculatorFunc::InitSelectOp() function, is triggered by local user interaction, leading to memory corruption and crashes. The vulnerability has been addressed in version 2.3.1.5.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and application crashes.

Reproduction

The vulnerability can be reproduced by using a crafted ICC file that exploits the buffer overflow in the CIccCalculatorFunc::InitSelectOp() function. This can be done by downloading the ICC file associated with this vulnerability and using the 'iccRoundTrip' tool to process it. The AddressSanitizer will report the heap-buffer-overflow error, indicating that the vulnerability has been successfully exploited.

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later to address this vulnerability.

Added: Mar 10, 2026, 6:42 PM

Updated: Mar 10, 2026, 6:42 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.6

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.6

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV Heap-Based Buffer Overflow Vulnerability in CIccCalculatorFunc

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating