iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2…

iccDEV library versions prior to 2.3.1.2 contain an undefined behavior vulnerability when floating-point NaN values are converted to unsigned short integer types during ICC profile XML parsing. This issue can corrupt memory structures and potentially enable arbitrary code execution. The vulnerability affects users who process ICC color profiles and arises from unsafe incorporation of user-controllable input into ICC profile data. Version 2.3.1.2 contains a fix for this issue with no known workarounds available.