Primary

Context

iccDEV Heap-Based Buffer Overflow Vulnerability in XML Curve Parsing Function

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the iccDEV color management library, prior to version 2.3.1.5. The issue arises in the function icCurvesFromXml(), where improper handling of XML data can lead to heap memory corruption or application crashes. This vulnerability requires user interaction to exploit.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, leading to heap memory corruption or a crash.

Reproduction

The vulnerability can be reproduced by using a crafted XML file that triggers the buffer overflow when processed by the icCurvesFromXml() function. This can be done by using the 'iccFromXml' command-line tool with the vulnerable XML file as input.

Remediation

Users can upgrade to iccDEV version 2.3.1.5 or later to address this vulnerability.

Added: Mar 10, 2026, 6:31 PM

Updated: Mar 10, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.1

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.1

remediation

0.0

relevance

3.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

iccDEV Heap-Based Buffer Overflow Vulnerability in XML Curve Parsing Function

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating