CVE-2026-22861
Heap-Based Buffer Overflow in iccDEV ICC Profile Processing
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| international_color_consortium | iccdev | 2.3.1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-252 | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
| CWE-130 | The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-22861 is a heap-based buffer overflow in the iccDEV library, specifically in SIccCalcOp::Describe() in IccProfLib/IccMpeCalc.cpp. It is caused by improper handling of operation counts and incorrect bounds checking while processing the calculation operations of an ICC color profile, which results in reads past the end of the allocated heap buffer. Processing a crafted ICC profile, in particular converting it to XML, can therefore corrupt memory or crash the application. The issue was fixed in version 2.3.1.2 by correcting the calculation of sub-operation counts and ensuring the memory accesses stay within bounds. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can lead to memory corruption, application crashes, or potentially allow an attacker to execute arbitrary code when processing maliciously crafted ICC color profiles. Since the vulnerability can be exploited remotely without privileges but requires user interaction, it poses a high risk to confidentiality, integrity, and availability of systems using the iccDEV library for ICC profile processing. Exploitation could result in data breaches, data manipulation, or denial of service. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
A vulnerable build can be detected with the iccToXml tool from the iccDEV project, which converts ICC profile data to XML. The heap-buffer-overflow was originally identified by AddressSanitizer during a run of iccToXml, so running iccToXml on ICC profiles under AddressSanitizer (or a similar memory error detector) will surface the out-of-bounds read. Example command: `ASAN_OPTIONS=detect_stack_use_after_return=1 ./iccToXml <icc_profile.icc>` on a Linux system where iccToXml was compiled with AddressSanitizer enabled (-fsanitize=address); the sanitizer must be built into the binary, as the ASAN_OPTIONS environment variable alone has no effect on an uninstrumented build. Any heap-buffer-overflow report emitted while a profile is processed indicates an affected version. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the iccDEV library to version 2.3.1.2 or later, where the vulnerability in SIccCalcOp::Describe() has been fixed. The fix corrects the handling of operation counts to prevent out-of-bounds heap memory access. Until the upgrade is applied, avoid processing untrusted or malformed ICC profiles with vulnerable versions of iccDEV, especially using the iccToXml tool. No other workarounds are provided. [3, 4, 1]