

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color managem…
Published: 12 January 2026 at 23:00:00
Alert date: 13 January 2026 at 22:01:39
Source: nvd.nist.gov
Supply Chain & Dependencies
iccDEV provides libraries and tools for interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A heap-based buffer overflow vulnerability (CVE-2026-22861) exists in iccDEV prior to version 2.3.1.2, in the SIccCalcOp::Describe() function in IccProfLib/IccMpeCalc.cpp, and affects users who process ICC color management profiles. When a malicious ICC profile is processed, the overflow could potentially allow attackers to execute arbitrary code or cause a denial of service. The vulnerability has been fixed in version 2.3.1.2.
Affected products: iccDEV
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-22861
https://github.com/InternationalColorConsortium/iccDEV/commit/fa9a364c01fc2e59eb2291e1f9b1c1359b7d5329
https://github.com/InternationalColorConsortium/iccDEV/pull/475
https://github.com/InternationalColorConsortium/iccDEV/pull/476
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-vr49-3vf8-7j5h
This article was created with the assistance of AI technology by Perceptive.

