CVE-2026-22861

iccDEV has a heap-buffer-overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp

CVSS 8.8 HIGH | EPSS 0.6% | CWE-120 | CWE-130 | CWE-252
In short

iccDEV has a heap buffer overflow vulnerability in its color profile processing code that can crash the application or potentially allow attackers to execute malicious code when processing specially crafted ICC color profiles.

Technical detail

A heap-based buffer overflow exists in the SIccCalcOp::Describe() function (IccProfLib/IccMpeCalc.cpp) triggered by improper bounds checking when processing ICC profile data. The attack vector requires supplying a malformed ICC color profile to an application using the vulnerable iccDEV library; successful exploitation can lead to memory corruption, denial of service, or arbitrary code execution depending on heap layout and mitigations.

Summary generated and translated by AI from the official description.
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, there is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerability affects users of the iccDEV library who process ICC color profiles. The vulnerability is fixed in 2.3.1.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
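As an added defender-side triage check (this is not code from the page or from iccDEV): a small Python parser that walks an ICC profile's tag table and reports which multiProcessElements ('mpet') tags contain calculator ('calc') elements, the element type the affected file name points at (an assumption from the name IccMpeCalc.cpp; the page does not say which tag types reach the function). The tag and element layout follows the ICC specification, and the sample profile is constructed inline; a profile that never carries a 'calc' element cannot reach this code path, so untrusted profiles that do can be held back until the library is at 2.3.1.2 or later.

```python
import struct

MPET = b"mpet"   # multiProcessElementsType tag type signature (ICC spec)
CALC = b"calc"   # calculator process element signature (iccMAX), assumed path to IccMpeCalc.cpp

def mpe_elements(profile: bytes):
    """Yield (tag_signature, element_signature) for every element of every
    'mpet' tag, refusing to read outside the buffer at each step."""
    if len(profile) < 132:
        raise ValueError("profile shorter than header + tag count")
    (tag_count,) = struct.unpack(">I", profile[128:132])
    for i in range(tag_count):
        entry = 132 + 12 * i
        if entry + 12 > len(profile):
            raise ValueError("tag table truncated")
        sig, off, size = struct.unpack(">4sII", profile[entry:entry + 12])
        if size < 16 or off + size > len(profile):
            raise ValueError(f"tag {sig!r} lies outside the profile")
        tag = profile[off:off + size]
        if tag[:4] != MPET:
            continue
        (n_elems,) = struct.unpack(">I", tag[12:16])
        for j in range(n_elems):
            pe = 16 + 8 * j           # element table: (offset, size), relative to tag start
            if pe + 8 > size:
                raise ValueError("process element table truncated")
            eoff, esize = struct.unpack(">II", tag[pe:pe + 8])
            if esize < 4 or eoff + esize > size:
                raise ValueError("process element lies outside its tag")
            yield sig, tag[eoff:eoff + 4]

def uses_calculator_element(profile: bytes) -> bool:
    """True if any mpet tag carries a 'calc' element."""
    return any(elem == CALC for _, elem in mpe_elements(profile))

def build_profile(element_sig: bytes) -> bytes:
    """Constructed sample: zeroed 128-byte header, one 'A2B0' tag of type mpet
    holding a single element whose body is just its 16-byte header."""
    elem = element_sig + b"\0" * 12
    elem_off = 16 + 8                                   # after mpet header + 1-entry table
    mpet = (MPET + b"\0" * 4 + struct.pack(">HHI", 3, 3, 1)
            + struct.pack(">II", elem_off, len(elem)) + elem)
    tag_off = 128 + 4 + 12                              # header + count + one table entry
    header = struct.pack(">I", tag_off + len(mpet)).ljust(128, b"\0")
    table = struct.pack(">I", 1) + struct.pack(">4sII", b"A2B0", tag_off, len(mpet))
    return header + table + mpet

if __name__ == "__main__":
    for sig in (b"calc", b"cvst"):
        print(sig, uses_calculator_element(build_profile(sig)))
```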
