iccDEV Stack Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A stack overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.5. The issue arises in the CIccBasicStructFactory::CreateStruct() function, where improper handling of ICC color management profiles creates uncontrolled recursion. This recursion exhausts the stack, causing a crash. The vulnerability requires user interaction to be exploited.

Impact

Exploitation of this vulnerability triggers uncontrolled recursion, which exhausts the stack and crashes the application, resulting in denial of service.

Reproduction

The vulnerability can be reproduced by running the 'iccDumpProfile' tool on a crafted ICC profile that triggers the recursive behavior in the CIccBasicStructFactory::CreateStruct() function. AddressSanitizer will report a stack overflow error, indicating that the vulnerability has been triggered.
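To tell an AddressSanitizer report for this issue apart from an unrelated crash, the report can be triaged by error type and by how often the function named above repeats in the stack trace. The script below is an added example, not code from iccDEV or from this advisory; the sample reports, addresses, the hypothetical_caller frame and the min_repeats threshold are constructed assumptions.

```python
import re
from collections import Counter

TARGET = "CIccBasicStructFactory::CreateStruct"  # function named in the advisory
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: ([\w-]+)")
# Symbolized frame: "#<n> 0x<pc> in <function>..."; keep the name up to "(" or space.
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+\s+in\s+(\S+?)(?:\(|\s|$)")


def triage(report, min_repeats=3):
    """Classify one ASan report; min_repeats is an assumed threshold."""
    error = ERROR_RE.search(report)
    frames = Counter()
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames[m.group(1)] += 1
    kind = error.group(1) if error else None
    hits = frames[TARGET]
    return {
        "error": kind,
        "target_frames": hits,
        "total_frames": sum(frames.values()),
        # Recursion shows up as the same symbol repeated down the trace.
        "matches_advisory": kind == "stack-overflow" and hits >= min_repeats,
    }


def make_report(kind, target_frames):
    """Build a constructed ASan-style report (addresses and caller are made up)."""
    lines = [f"==4242==ERROR: AddressSanitizer: {kind} on address 0x7ffc00000ff8"]
    n = 0
    for _ in range(target_frames):
        lines.append(f"    #{n} 0x401000 in {TARGET}(...) (iccDumpProfile+0x1000)")
        lines.append(f"    #{n + 1} 0x401100 in hypothetical_caller(...) (iccDumpProfile+0x1100)")
        n += 2
    lines.append(f"    #{n} 0x401200 in main (iccDumpProfile+0x1200)")
    lines.append(f"SUMMARY: AddressSanitizer: {kind} in {TARGET}(...)")
    return "\n".join(lines)


RECURSIVE = make_report("stack-overflow", 5)        # constructed: looks like this issue
UNRELATED = make_report("heap-buffer-overflow", 1)  # constructed: different bug class

if __name__ == "__main__":
    for name, rep in (("recursive", RECURSIVE), ("unrelated", UNRELATED)):
        print(name, triage(rep))
```

Run against the stderr captured from a sanitizer-enabled build before and after upgrading, the same check serves as a regression test for the fix.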

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later to address this vulnerability.

Added: Mar 10, 2026, 6:40 PM
Updated: Mar 10, 2026, 6:40 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.5
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.