


Perceptive Security
SOC/SIEM Consultancy

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.…
Published:
3 February 2026 at 23:00:00
Alert date:
4 February 2026 at 23:02:35
Source:
nvd.nist.gov
Supply Chain & Dependencies
A heap buffer overflow exists in iccDEV's CIccIO::WriteUInt16Float() function. It is triggered when the iccFromXml tool processes malformed XML input while converting it to an ICC profile. Versions prior to 2.3.1.3 are affected; the issue has been patched in version 2.3.1.3. iccDEV provides libraries and tools for interacting with and manipulating ICC color management profiles.
Technical details
Mitigation steps:
Affected products:
iccDEV
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-25582
https://github.com/InternationalColorConsortium/iccDEV/commit/b5e5dd238f609ec1a4efb25674e7fa4bd29d894a
https://github.com/InternationalColorConsortium/iccDEV/issues/559
https://github.com/InternationalColorConsortium/iccDEV/pull/561
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-46hq-fphp-jggf
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
