iccDEV library versions prior to 2.3.1.2 contain an undefined behavior vulnerability when floating-point NaN values are converted to unsigned short integer types during ICC profile XML parsing. This issue can corrupt memory structures and potentially enable arbitrary code execution. The vulnerability affects users who process ICC color profiles and arises from unsafe incorporation of user-controllable input into ICC profile data. Version 2.3.1.2 contains a fix for this issue with no known workarounds available.