iccDEV Division by Zero Vulnerability in TIFF Handling Leading to Undefined Behavior

Vulnerability

A vulnerability in iccDEV versions prior to 2.3.1.6 allows crafted TIFF inputs to cause undefined behavior due to division by zero in the TIFF processing code. This issue, which can lead to application crashes, has been reported by Undefined Behavior Sanitizer (UBSan) and is present in the TIFF handling paths used by the 'iccTiffDump' tool.
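
The advisory does not say which TIFF field reaches the divisor. As an added illustration of the bug class (not iccDEV code), the C below performs two standard TIFF computations and rejects zero divisors read from the file; the `tiff_fields` struct and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical holder for tag values read from an untrusted TIFF;
   not an iccDEV type. */
typedef struct {
    uint32_t image_length;      /* ImageLength tag (rows) */
    uint32_t rows_per_strip;    /* RowsPerStrip tag */
    uint16_t samples_per_pixel; /* SamplesPerPixel tag */
    uint16_t bits_per_sample;   /* BitsPerSample tag */
    uint32_t strip_byte_count;  /* first StripByteCounts entry */
} tiff_fields;

/* StripsPerImage = ceil(ImageLength / RowsPerStrip), per TIFF 6.0.
   Returns false instead of dividing when the file supplies a zero divisor. */
bool strips_per_image(const tiff_fields *f, uint32_t *out)
{
    if (f->rows_per_strip == 0 || f->image_length == 0)
        return false;
    /* Avoids the usual "+ rows_per_strip - 1", which can wrap in uint32. */
    *out = f->image_length / f->rows_per_strip
         + (f->image_length % f->rows_per_strip != 0);
    return true;
}

/* Pixels held in the first strip: byte count divided by bytes per pixel.
   Both factors come from the file, so the product can be zero. */
bool pixels_in_strip(const tiff_fields *f, uint32_t *out)
{
    uint32_t bits_per_pixel = (uint32_t)f->samples_per_pixel * f->bits_per_sample;
    if (bits_per_pixel == 0 || bits_per_pixel % 8 != 0)
        return false;           /* zero or not byte-aligned: reject */
    *out = f->strip_byte_count / (bits_per_pixel / 8);
    return true;
}

int main(void)
{
    /* Constructed sample values, not taken from the crafted file. */
    tiff_fields crafted = { 512, 0, 0, 8, 4096 };
    tiff_fields sane    = { 512, 100, 3, 8, 3000 };
    uint32_t n = 0;
    printf("crafted accepted: %d\n", strips_per_image(&crafted, &n));
    printf("sane accepted: %d\n", strips_per_image(&sane, &n));
    return 0;
}
```

Building a parser with `-fsanitize=undefined`, the UBSan check that reported this issue, flags any remaining unguarded division when it is fed a zero-valued field.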

Impact

Exploitation of this vulnerability can cause the application to crash, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by downloading the crafted TIFF file 'BeyondRGB_CM_1774467526.tiff' and using the 'iccTiffDump' tool to process it. This triggers the division by zero error in the TIFF handling code.

Remediation

Users can update to iccDEV version 2.3.1.6 or later, available through the GitHub Container Registry.

Added: Mar 31, 2026, 11:51 PM
Updated: Mar 31, 2026, 11:51 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 5.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.