Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a 4-byte stack variable (rv) via the call chain CIccTagFixedNum::GetValues() -> CIccTagStruct::GetElemNumberValue(). This issue has been patched in version 2.3.1.6.
Published: 2026-03-31
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stack buffer overflow causing memory corruption and potential crash
Action: Immediate Patch
AI Analysis

Impact

This vulnerability introduces a stack-buffer-overflow in the CIccTagFixedNum::GetValues() routine of the iccDEV library. When this function calls CIccTagStruct::GetElemNumberValue(), a write of four bytes exceeds the size of a four-byte stack variable, corrupting the local stack frame. The result is a memory corruption that can lead to an application crash and denial of service. No evidence in the provided description indicates escalation of privileges or execution of arbitrary code, only potential instability and memory corruption.

Affected Systems

The issue affects all releases of iccDEV from the International Color Consortium prior to version 2.3.1.6. The library versions beginning with 2.3.1.6 contain the patch that resolves the overflow.

Risk and Exploitability

The CVSS base score of 6.2 describes moderate severity. The Exploit Prediction Scoring System score is not available, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is likely local, triggered when an application uses the vulnerable library to process an ICC profile that contains a CIccTagFixedNum tag. Remote exploitation is not documented in the supplied data.

Generated by OpenCVE AI on April 1, 2026 at 06:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the iccDEV library to version 2.3.1.6 or newer.
  • Verify that applications are linking against the updated library and that no legacy code paths invoke the vulnerable function.
  • If an immediate upgrade is not possible, disable or restrict the processing of ICC profiles that contain CIccTagFixedNum tags until the library can be updated.
  • Monitor application logs for signs of abnormal crashes or memory corruption related to ICC profile handling.

Generated by OpenCVE AI on April 1, 2026 at 06:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Color
Color iccdev
CPEs cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
Vendors & Products Color
Color iccdev

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Internationalcolorconsortium
Internationalcolorconsortium iccdev
Vendors & Products Internationalcolorconsortium
Internationalcolorconsortium iccdev

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Description iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a 4-byte stack variable (rv) via the call chain CIccTagFixedNum::GetValues() -> CIccTagStruct::GetElemNumberValue(). This issue has been patched in version 2.3.1.6.
Title iccDEV: SBO in CIccTagFixedNum::GetValues()
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Color Iccdev
Internationalcolorconsortium Iccdev
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-01T13:22:19.691Z

Reserved: 2026-03-30T16:31:39.265Z

Link: CVE-2026-34555

cve-icon Vulnrichment

Updated: 2026-04-01T13:22:11.709Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T23:17:10.810

Modified: 2026-04-20T14:38:31.053

Link: CVE-2026-34555

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:10:01Z

Weaknesses