CVE-2026-31797

Published: Mar 10, 2026Modified: Mar 13, 2026

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Exploitability: 1.8 / Impact: 4.2

Source: security-advisories@github.com (Secondary)

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine() when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5.

Affected (1)

Products: Color: Iccdev

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Color Iccdev	Before 2.3.1.5

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://github.com/InternationalColorConsortium/iccDEV/issues/656

Source: security-advisories@github.com

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/659

Source: security-advisories@github.com

Issue TrackingPatch

https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5

Source: security-advisories@github.com

Product

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wh2p-cm3r-7hm3

Source: security-advisories@github.com

PatchVendor Advisory

Timeline

No history available yet.