Vulnerability Details CVE-2026-22861
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerability affects users of the iccDEV library who process ICC color profiles. The vulnerability is fixed in 2.3.1.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.2%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/InternationalColorConsortium/iccDEV/commit/fa9a364c01fc2e59eb2291e1f9b1c1359b7d5329
- https://github.com/InternationalColorConsortium/iccDEV/pull/475
- https://github.com/InternationalColorConsortium/iccDEV/pull/476
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-vr49-3vf8-7j5h