Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

Related CPE's

a

color

iccdev

Vulnerable

References

https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccProfLib/IccMpeCalc.cpp#L4588

Product

https://github.com/InternationalColorConsortium/iccDEV/commit/798be59011649a26a529600cc3cd56437634d3d0

Patch

https://github.com/InternationalColorConsortium/iccDEV/commit/f3056ed99935d479091470127ad16f8be1912bb7

Patch

https://github.com/InternationalColorConsortium/iccDEV/issues/365

ExploitIssue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/413

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-20

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-07T18:15:54.100Z

3 days ago

Last modified

2026-01-09T21:33:44.810Z

26 hours ago