Home

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

PUBLISHED Reserved 2025-12-29 | Published 2026-01-07 | Updated 2026-01-07 | Assigner GitHub_M




MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem types

CWE-20: Improper Input Validation

Product status

< 2.3.1.2
affected

References

github.com/...iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w

github.com/InternationalColorConsortium/iccDEV/issues/365

github.com/InternationalColorConsortium/iccDEV/pull/413

github.com/...ommit/798be59011649a26a529600cc3cd56437634d3d0

github.com/...ommit/f3056ed99935d479091470127ad16f8be1912bb7

github.com/...5ba7b70258203e682a61/IccProfLib/IccMpeCalc.cpp

cve.org (CVE-2026-21501)

nvd.nist.gov (CVE-2026-21501)

Download JSON