Iccdev
CVE-2026-34551
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference (NPD) in CIccTagLut16::Write() can be triggered when processing a crafted ICC profile (embedded in a TIFF and extracted during iccTiffDump). This issue has been patched in version 2.3.1.6.
AnalysisAI
Denial of service via null-pointer dereference in iccDEV prior to version 2.3.1.6 allows local attackers to crash the application by processing a crafted ICC color profile embedded in a TIFF file. The vulnerability exists in the CIccTagLut16::Write() function and requires local file system access but no authentication or user interaction. No public exploit code or active exploitation has been confirmed; the issue is considered moderate severity due to denial-of-service impact only (no code execution or data compromise).
Technical ContextAI
iccDEV is a C++ library and tool suite maintained by the International Color Consortium for parsing, manipulating, and validating International Color Consortium (ICC) color profile files. The vulnerability stems from a null-pointer dereference (CWE-476) in the CIccTagLut16::Write() function, which is responsible for serializing 16-bit lookup table (LUT) tag structures within ICC profiles. The attack vector involves crafted ICC profiles embedded within TIFF image files, which are then extracted and processed by the iccTiffDump utility. The null pointer is triggered during write operations on malformed LUT16 tag data, indicating insufficient input validation or bounds checking before pointer dereference in the serialization code path.
RemediationAI
Upgrade iccDEV to version 2.3.1.6 or later, which includes a fix for the null-pointer dereference in CIccTagLut16::Write(). Users should obtain the patched version from the official International Color Consortium iccDEV repository (https://github.com/InternationalColorConsortium/iccDEV). The patch is available in GitHub PR #728 and has been released as version 2.3.1.6. In environments where immediate patching is not feasible, avoid processing untrusted or unknown TIFF files with iccTiffDump, and consider restricting file processing to trusted sources.
iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint object
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution through maliciously crafted ICC c
Heap buffer overflow in iccDEV versions 2.3.1.1 and below allows remote code execution when processing maliciously craft
Heap buffer overflow in iccDEV versions 2.3.1.1 and earlier allows remote code execution through maliciously crafted ICC
Type confusion in iccDEV library versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code executi
iccDEV color management library versions 2.3.1 and earlier contain undefined behavior in the CLUT initialization functio
iccDEV ICC color profile libraries versions 2.3.1.1 and earlier suffer from undefined behavior and out-of-memory errors
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Type confusion in iccDEV versions before 2.3.1.2 allows attackers to corrupt memory and achieve high-impact outcomes inc
Type confusion in iccDEV versions before 2.3.1.2 allows unauthenticated attackers to achieve remote code execution throu
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows remote code execution when processing malicious ICC color
Heap buffer overflow in iccDEV versions prior to 2.3.1.2 allows remote attackers to execute arbitrary code through the C
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today