CVE-2026-22861

HIGH EPSS 43.9%
Published Jan 13, 2026 (5mo ago) · Modified Jun 17, 2026 (2w ago)
8.8 CVSS 3.1
High

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, there is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerability affects users of the iccDEV library who process ICC color profiles. The vulnerability is fixed in 2.3.1.2.

CVSS Details

Base Score
8.8
Exploitability
2.8
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
43.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 4

CWE-120
CWE-130
CWE-252
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

Vendor    Product    Version    Range
color     iccdev     *          <2.3.1.2

References 4

  • github.com https://github.com/InternationalColorConsortium/iccDEV/commit/fa9a364c01fc2e59eb2291e1f9b1c1359b7d5329
    Patch
  • github.com https://github.com/InternationalColorConsortium/iccDEV/pull/475
    Exploit, Issue Tracking, Patch
  • github.com https://github.com/InternationalColorConsortium/iccDEV/pull/476
    Issue Tracking
  • github.com https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-vr49-3vf8-7j5h
    Third Party Advisory

Remediation

  • github.com https://github.com/InternationalColorConsortium/iccDEV/commit/fa9a364c01fc2e59eb2291e1f9b1c1359b7d5329
    Patch
  • github.com https://github.com/InternationalColorConsortium/iccDEV/pull/475
    Exploit, Issue Tracking, Patch