CVE-2026-22255
Unknown Unknown - Not Provided
Heap Buffer Overflow in iccDEV CIccCLUT::Init() Function

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: GitHub, Inc.

Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at `IccProfLib/IccTagLut.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2026-22255
EUVD
EUVD-2026-1671
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
international_color_consortium iccdev to 2.3.1.2 (exc)
international_color_consortium iccdev 2.3.1.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-130 The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22255 is a heap-buffer-overflow vulnerability in the iccDEV library, specifically in the function CIccCLUT::Init() within the file IccProfLib/IccTagLut.cpp. The issue occurs when the size of the gridpoints array does not match the expected number of input channels during ICC color profile processing, causing out-of-bounds memory access. This can lead to memory corruption or crashes. The vulnerability was fixed by adding validation checks to ensure the gridpoints array size is equal to or greater than the expected inputs before proceeding, preventing the overflow. [1, 2, 3]

Impact Analysis

This vulnerability can have a high impact, as exploitation allows an attacker to cause heap buffer overflow leading to potential data disclosure, data modification, or denial of service (crashes or service disruption). The CVSS score is 8.8, indicating high severity. The attack can be performed remotely over the network without privileges but requires some user interaction. Users processing ICC color profiles with vulnerable versions of iccDEV are at risk. [2]

Detection Guidance

This vulnerability can be detected by attempting to parse malformed ICC profile XML files where the number of GridPoints and InputChannels do not match, which triggers error messages such as "The number of GridPoints and InputChannels do not match" and causes parsing failures. Detection can also be aided by using tools like AddressSanitizer to identify heap-buffer-overflow errors during ICC profile processing, especially in the function CIccCLUT::Init(). Specific commands are not provided in the resources, but running the iccDEV library's ICC profile parsing on crafted malformed XML profiles or using AddressSanitizer during testing can help detect the issue. [1, 3]

Mitigation Strategies

The immediate mitigation step is to update the iccDEV library to version 2.3.1.2 or later, where the heap-buffer-overflow vulnerability in CIccCLUT::Init() has been patched by adding validation checks to ensure the size of the gridpoints array matches the expected input channels. No workarounds are available, so upgrading to the fixed version is essential to prevent exploitation. [2, 1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22255. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart