iccDEV Heap-Based Buffer Overflow Vulnerability in CIccMatrixMath::SetRange()

Vulnerability

A heap-based buffer overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.5. This vulnerability occurs in the CIccMatrixMath::SetRange() function, leading to memory corruption or crashes. The issue has been addressed in version 2.3.1.5.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, leading to memory corruption and crashes. Heap-based buffer overflows of this kind can often be exploited to execute arbitrary code under certain conditions.

Reproduction

The vulnerability can be reproduced with a crafted ICC profile that triggers the buffer overflow when processed by the 'iccApplyNamedCmm' tool. Piping a specific input into the tool causes it to apply the named color management using the flawed interpolation method, which results in a crash.

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later to address this vulnerability.

Added: Mar 10, 2026, 6:36 PM
Updated: Mar 10, 2026, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.9
exploitability: 6.2
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.