Primary

Context

iccDEV Null Pointer Dereference Vulnerability in CIccTagXmlStruct::ParseTag() Leading to Segmentation Fault

Vulnerability

A null pointer dereference vulnerability has been identified in iccDEV versions prior to 2.3.1.5. The issue occurs in the CIccTagXmlStruct::ParseTag() function, where the absence of proper checks for tag children pointers allows for dereferencing a null pointer. This oversight leads to a segmentation fault, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by using libFuzzer to fuzz the 'iccFromXml' command-line tool with a specially crafted XML file that triggers the null pointer dereference. The XML file can be obtained from the issue #633 on the iccDEV repository.

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later, where this vulnerability has been fixed.

Added: Mar 10, 2026, 6:36 PM

Updated: Mar 10, 2026, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.5

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.5

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV Null Pointer Dereference Vulnerability in CIccTagXmlStruct::ParseTag() Leading to Segmentation Fault

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating