Primary

Context

iccDEV Stack Buffer Overflow Vulnerability in icFixXml() Function

Vulnerability

A stack buffer overflow vulnerability has been identified in the iccDEV color management library, prior to version 2.3.1.5. The issue arises in the icFixXml() function, where improper use of strcpy creates a buffer overflow, leading to stack memory corruption or application crashes. This vulnerability requires user interaction to exploit.

Impact

Exploitation of this vulnerability causes a stack buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using the 'iccToXml' command-line tool included in the iccDEV package. After downloading a crafted ICC file that triggers the buffer overflow, this file can be processed with 'iccToXml', which will result in a stack buffer overflow error.

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later, where this vulnerability has been fixed. The latest version is available on the GitHub Releases page.

Added: Mar 10, 2026, 6:38 PM

Updated: Mar 10, 2026, 6:38 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.5

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.5

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV Stack Buffer Overflow Vulnerability in icFixXml() Function

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating