Is Iccdev affected by CVE-2026-22047?

CVE-2026-22047 presents significant security risk, a input validation vulnerability rated CVSS 8.8. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

CVE-2026-22047

HIGH

2026-01-07 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 14, 2026 - 18:45 vuln.today

Public exploit code

Patch Released

Jan 14, 2026 - 18:45 nvd

Patch available

CVE Published

Jan 07, 2026 - 22:15 nvd

HIGH 8.8

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `SIccCalcOp::Describe()` at `IccProfLib/IccMpeCalc.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Analysis

Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color profiles, affecting applications that use the iccDEV library to manage color data. Public exploit code exists for this vulnerability, enabling attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. …

Remediation

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: +20

CVE-2026-22047 vulnerability details – vuln.today

Back

CVE-2026-22047

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-22047

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code