Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump(...) at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe(). This issue has been patched in version 2.3.1.6.
Published: 2026-03-31
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow leading to potential data disclosure or crash
Action: Immediate Patch
AI Analysis

Impact

A malformed ICC profile can trigger a heap‑buffer‑overflow in the icMemDump function of iccDEV. The overflow occurs when the library reads malformed tag contents during a profile dump, resulting in an out‑of‑bounds heap read. This weakness is classified as CWE‑122 and can cause unhandled crashes or unintended disclosure of memory contents.

Affected Systems

All releases of International Color Consortium’s iccDEV library older than version 2.3.1.6 are vulnerable. Applications that load or dump ICC profiles via iccDEV without validating the profile are impacted unless running the patched release.

Risk and Exploitability

The CVSS score of 6.2 indicates a medium severity vulnerability. No EPSS score is available, and the flaw is not in the CISA KEV catalog. The likely attack vector is local, where an attacker supplies a crafted ICC profile to an application that uses iccDEV; it may also be exploitable from remote if the profile is transmitted to a remote service that processes it. Exploitation would produce a crash or potential data exposure, but it requires the affected application to process the malicious profile.

Generated by OpenCVE AI on April 1, 2026 at 06:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade iccDEV to version 2.3.1.6 or later.
  • If an upgrade is not feasible, restrict the use of iccDEV to trusted ICC profiles only and sandbox or deny untrusted profile loading.
  • Monitor system logs for unexpected crashes or access‑violation events during ICC profile handling.

Generated by OpenCVE AI on April 1, 2026 at 06:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Internationalcolorconsortium
Internationalcolorconsortium iccdev
Vendors & Products Internationalcolorconsortium
Internationalcolorconsortium iccdev

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is observable under AddressSanitizer as an out-of-bounds heap read in icMemDump(...) at IccProfLib/IccUtil.cpp:1002, reachable via CIccTagUnknown::Describe(). This issue has been patched in version 2.3.1.6.
Title iccDEV: HBO in icMemDump()
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Internationalcolorconsortium Iccdev
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-01T13:31:29.126Z

Reserved: 2026-03-30T16:31:39.263Z

Link: CVE-2026-34540

cve-icon Vulnrichment

Updated: 2026-04-01T13:31:20.364Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-03-31T22:16:21.600

Modified: 2026-04-01T14:23:37.727

Link: CVE-2026-34540

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:10:14Z

Weaknesses