


Perceptive Security
SOC/SIEM Consultancy

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayT…
Published:
23 January 2026 at 23:00:00
Alert date:
24 January 2026 at 02:02:34
Source:
nvd.nist.gov
Enterprise Applications, Supply Chain & Dependencies
iccDEV, a library for ICC color management profiles, contains a null pointer dereference and undefined behavior vulnerability in the CIccXmlArrayType() function in versions 2.3.1.1 and below. The vulnerability occurs when user-controllable input is unsafely incorporated into ICC profile data or structured binary blobs. Successful exploitation can lead to denial of service, data manipulation, application logic bypass, and code execution. The issue has been patched in version 2.3.1.2.
Affected products:
iccDEV
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-24404
https://github.com/InternationalColorConsortium/iccDEV/commit/cd637eb33f0c8055fa54d8776e00555d3d39ef0c
https://github.com/InternationalColorConsortium/iccDEV/issues/488
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hqfg-45jp-hp9f
This article was created with the assistance of AI technology by Perceptive.
