Primary

Context

iccDEV Stack Buffer Overflow Vulnerability in CIccTagNum::GetValues()

Vulnerability

A stack buffer overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.5. This issue occurs in the CIccTagNum<>::GetValues() function, leading to stack memory corruption or crashes. The vulnerability has been patched in version 2.3.1.5.

Impact

Exploitation of this vulnerability causes a stack buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using a crafted ICC file that exploits the buffer overflow in the CIccTagNum::GetValues() method. This can be done by using the 'iccApplyNamedCmm' tool to apply a named color transformation, which triggers the vulnerable function and causes the stack overflow.

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later to address this vulnerability.

Added: Mar 10, 2026, 6:36 PM

Updated: Mar 10, 2026, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.5

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.5

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV Stack Buffer Overflow Vulnerability in CIccTagNum::GetValues()

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating