Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.

Related CPE's

a

color

iccdev

Vulnerable

References

https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f

Patch

https://github.com/InternationalColorConsortium/iccDEV/issues/358

ExploitIssue TrackingVendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-188CWE-703CWE-843

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

6.6 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-06T15:15:44.983Z

1 week ago

Last modified

2026-01-14T18:46:59.953Z

2 hours ago