iccDEV Segmentation Fault Vulnerability in CIccCLUT::Interp3d() Prior to Version 2.3.1.5

Vulnerability

A segmentation fault vulnerability has been identified in iccDEV versions prior to 2.3.1.5. This issue arises from an invalid pointer read in the CIccCLUT::Interp3d() function, leading to a denial-of-service condition. The vulnerability requires user interaction to be exploited.

Impact

Exploitation of this vulnerability causes a segmentation fault, resulting in a denial-of-service condition.

Reproduction

The vulnerability can be reproduced with a crafted ICC file that triggers the wild pointer read in the CIccCLUT::Interp3d() function. Running the 'iccApplyProfiles' tool on the crafted file causes the application to crash with a segmentation fault.

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later to address this vulnerability.

Added: Mar 10, 2026, 6:33 PM
Updated: Mar 10, 2026, 6:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.5
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.