


Perceptive Security
SOC/SIEM Consultancy

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXfo…
Published:
9 March 2026 at 23:00:00
Alert date:
10 March 2026 at 19:06:17
Source:
nvd.nist.gov
Supply Chain & Dependencies
A heap-use-after-free vulnerability exists in iccDEV, a set of libraries and tools for working with ICC color management profiles. The vulnerability occurs in the CIccCmm::AddXform() function and causes an invalid virtual pointer dereference, leading to application crashes. It affects versions prior to 2.3.1.5 and is fixed in version 2.3.1.5. The vulnerability could potentially be exploited to cause denial-of-service conditions in applications that use the affected iccDEV library.
Technical details
Affected products:
iccDEV
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-30978
https://github.com/InternationalColorConsortium/iccDEV/issues/612
https://github.com/InternationalColorConsortium/iccDEV/pull/616
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-97mf-f6r7-q9q4
This article was created with the assistance of AI technology by Perceptive.
