iccDEV Heap-Buffer-Overflow Vulnerability in CIccApplyCmmSearch Cost Function

Vulnerability

A heap-buffer-overflow vulnerability has been identified in iccDEV versions prior to 2.3.1.6. The issue arises in the CIccApplyCmmSearch::costFunc() method, where malformed JSON configuration input to the iccApplySearch tool can trigger an out-of-bounds read of size 8. This vulnerability has been patched in version 2.3.1.6.

Impact

Exploiting this vulnerability triggers a heap-buffer-overflow, which commonly results in memory corruption and can potentially allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using the iccApplySearch tool with a JSON configuration file that contains the 'pccFile' and 'weight' fields swapped. This malformed input will trigger the heap-buffer-overflow in the costFunc() method.
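The malformed input described above can be screened for before a configuration file reaches an unpatched iccApplySearch. The following is an added example, not code from iccDEV or from this advisory. It assumes that "swapped" means the values of the two fields were exchanged, that 'pccFile' should hold a path string and 'weight' a finite number, and it walks the whole document because the configuration schema is not given here; the sample key `entries` and file name `observer.icc` are constructed.

```python
import json
import math

def _is_number(v):
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(v, bool):
        return False
    if isinstance(v, int):
        return True
    # json.loads accepts NaN/Infinity by default; treat them as invalid.
    return isinstance(v, float) and math.isfinite(v)

# Assumed expected types (not taken from the iccDEV schema).
CHECKS = {
    "pccFile": (lambda v: isinstance(v, str) and v != "", "non-empty string"),
    "weight": (_is_number, "finite number"),
}

def find_type_violations(node, path="$"):
    """Walk parsed JSON and return (path, message) for each mistyped field."""
    problems = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key in CHECKS:
                ok, expected = CHECKS[key]
                if not ok(value):
                    got = type(value).__name__
                    problems.append((here, f"expected {expected}, got {got}"))
                    continue  # do not descend into a mistyped value
            problems.extend(find_type_violations(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            problems.extend(find_type_violations(item, f"{path}[{i}]"))
    return problems

def check_config_text(text):
    """Parse a JSON configuration string and list its type violations."""
    return find_type_violations(json.loads(text))

# Constructed samples; only 'pccFile' and 'weight' come from the advisory.
SWAPPED = '{"entries": [{"pccFile": 1.0, "weight": "observer.icc"}]}'
WELL_FORMED = '{"entries": [{"pccFile": "observer.icc", "weight": 1.0}]}'

if __name__ == "__main__":
    for name, text in (("swapped", SWAPPED), ("well-formed", WELL_FORMED)):
        print(name, check_config_text(text))
```

A non-empty result means the file should be rejected rather than passed to the tool; updating to the patched version remains the fix.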

Remediation

Users can update to iccDEV version 2.3.1.6 or later to address this vulnerability.

Added: Mar 31, 2026, 11:38 PM
Updated: Mar 31, 2026, 11:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.2
remediation: 0.0
relevance: 5.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.