CVE-2026-22046
Unknown Unknown - Not Provided
Heap Buffer Overflow in iccDEV ICC Profile Parsing (Pre

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: GitHub, Inc.

Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfileXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-05-07
AI Q&A
2026-01-08
EPSS Evaluated
2026-05-05
NVD
CVE-2026-22046
EUVD
EUVD-2026-1383
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
iccdev iccdev to 2.3.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
CWE-130 The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a heap-buffer-overflow in the iccDEV library, specifically in the function CIccProfileXml::ParseBasic() within the file IccXML/IccLibXML/IccProfileXml.cpp. It affects versions prior to 2.3.1.2 and occurs when processing ICC color profiles, potentially leading to memory corruption.


How can this vulnerability impact me? :

The vulnerability can lead to serious impacts including high confidentiality, integrity, and availability risks. An attacker could exploit the heap-buffer-overflow to execute arbitrary code, cause a denial of service, or corrupt data when processing ICC color profiles.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade the iccDEV library to version 2.3.1.2 or later, which contains the patch for the heap-buffer-overflow vulnerability. No known workarounds are available.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart