CVE-2026-31795
Stack Buffer Overflow in iccDEV CIccXform3DLut::Apply() Function
Publication date: 2026-03-10
Last updated on: 2026-03-13
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | up to 2.3.1.5 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31795 is a stack-based buffer overflow vulnerability in the International Color Consortium's iccDEV project, specifically in the function CIccXform3DLut::Apply(). This function improperly handles input data by writing 4 bytes beyond the boundary of a stack-allocated buffer named XYZbp, causing stack memory corruption or crashes.

The overflow occurs because the function does not properly validate input sizes before copying data into the buffer, leading to out-of-bounds writes. This vulnerability can be triggered by processing specially crafted ICC color profiles.

The issue was detected using AddressSanitizer during execution of the iccApplyProfiles tool with a malicious ICC profile and a test TIFF image, confirming the buffer overflow and its potential for causing undefined behavior or exploitable conditions. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to corruption of stack memory, causing the affected application to crash or behave unpredictably.
Because it is a stack buffer overflow, it may be exploitable to execute arbitrary code or escalate privileges, impacting the confidentiality, integrity, and availability of the system.
Exploitation requires local access with low attack complexity and some user interaction, but no special privileges are needed.
The CVSS v3.1 base score of 7.8 reflects a high impact on confidentiality, integrity, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running the iccDEV tool `iccApplyProfiles` with a specially crafted ICC profile file designed to trigger the stack buffer overflow in the function CIccXform3DLut::Apply().
Detection was demonstrated using AddressSanitizer (ASan), which reported the overflow during execution with the crafted ICC profile and a test TIFF image.
A suggested detection approach is to use AddressSanitizer-enabled builds of iccDEV and run a command similar to:
- `ASAN_OPTIONS=detect_stack_use_after_return=1 ./iccApplyProfiles sbo-CIccXform3DLut-Apply-IccCmm_cpp-Line5873.icc test_rgb.tif`
This command uses the vulnerable tool with the crafted ICC profile and a test image to trigger and detect the overflow.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the iccDEV package to version 2.3.1.5 or later, where the vulnerability has been fixed.
The fix ensures proper validation of lookup table output colorspace and channel counts to prevent out-of-bounds writes in the CIccXform3DLut::Apply() function.
No workarounds are provided, so updating to the patched version is the recommended action.
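The check the fix describes, validating a LUT's declared output colorspace and channel count against the fixed-size destination before any write, is shown below as an added illustration. This is hypothetical code written for this page, not iccDEV's source; the `Lut3D`, `ColorSpace` and `applyLutToXyz` names are assumptions, and the 3-float destination stands in for a stack array like the page's `XYZbp`.

```cpp
#include <array>
#include <cstddef>
#include <vector>

// Hypothetical model of the CVE-2026-31795 bug class: a 3D LUT whose
// declared output channel count does not fit the fixed-size buffer the
// caller supplies. Names are illustrative, not taken from iccDEV.
enum class ColorSpace { XYZ, Lab, RGB, CMYK };

// Channels a colour space requires; 0 means unknown/unsupported.
constexpr std::size_t channelsFor(ColorSpace cs) {
    switch (cs) {
        case ColorSpace::XYZ:
        case ColorSpace::Lab:
        case ColorSpace::RGB:  return 3;
        case ColorSpace::CMYK: return 4;
    }
    return 0;
}

struct Lut3D {
    ColorSpace outSpace;        // colour space the profile claims the LUT emits
    std::size_t outChannels;    // channel count read from the (untrusted) profile
    std::vector<float> sample;  // one precomputed output sample, outChannels long
};

// Hardened apply: the destination is a 3-float buffer (the page's XYZbp is a
// stack array of that kind). Every untrusted count is checked against the
// destination capacity before any write, so a 4-channel LUT is rejected
// instead of writing one float (4 bytes) past the end of the buffer.
bool applyLutToXyz(const Lut3D& lut, std::array<float, 3>& dst) {
    const std::size_t expected = channelsFor(lut.outSpace);
    if (expected == 0 || expected != lut.outChannels) return false;  // colorspace/channel mismatch
    if (lut.outChannels > dst.size()) return false;                    // would overflow dst
    if (lut.sample.size() < lut.outChannels) return false;             // short sample data
    for (std::size_t i = 0; i < lut.outChannels; ++i) dst[i] = lut.sample[i];
    return true;
}
```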