CVE-2026-22255

8.8 HIGH

📋 TL;DR

A heap-buffer-overflow vulnerability in iccDEV's CIccCLUT::Init() function lets an attacker who supplies a crafted ICC color profile crash the consuming process or potentially execute arbitrary code in its context. It affects every application built against iccDEV versions before 2.3.1.2 that parses ICC color profiles, such as image-processing software, design tools, and color management systems.

💻 Affected Systems

Products:
  • iccDEV library
  • Any software using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing ICC color profiles through the affected library function

📦 What is this software?

iccDEV is the International Color Consortium's open-source C++ library (the successor to the DemoIccMAX project) for reading, writing and applying ICC color profiles. Applications link it to parse profiles embedded in images, documents and color-management workflows, which is how attacker-controlled profile data reaches the vulnerable code.
⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash (denial of service), with potential for limited code execution in the application's context

🟢 If Mitigated: Application crash rather than code execution where ASLR, DEP/NX and a hardened heap allocator defeat the attacker's exploitation attempt; these do not remove the denial-of-service outcome

🌐 Internet-Facing: MEDIUM - Requires a malicious ICC profile to reach the parser, which can happen via web uploads or email attachments
🏢 Internal Only: LOW - Typically requires a user to open a crafted file; automated image pipelines that process uploads without user interaction raise this

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profiles and getting them processed by vulnerable software

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-qv2w-mq3g-73gv

Restart Required: Yes

Instructions:

1. Update the iccDEV library to version 2.3.1.2 or later.
2. Rebuild (and redeploy) any applications that link iccDEV, including statically linked builds.
3. Restart affected services and applications so the patched library is loaded.

🧯 If You Can't Patch

  • Validate ICC profiles before handing them to the parser: reject files whose header size does not match the actual length, whose tag table or tag data extends past end of file, or whose lookup-table headers claim more CLUT data than the tag contains
  • Run color profile parsing in a sandboxed, least-privilege process (seccomp, containers, or a separate worker) so a crash or code execution cannot reach the main application
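The following pre-parse validator is an added example of the "strict file validation" mitigation; it is not iccDEV code and does not model the exact CIccCLUT::Init() defect. It enforces the structural limits from the ICC.1 profile format (header size field, 'acsp' signature, tag table and tag data inside the file, and for lut8Type/lut16Type tags that the CLUT claimed by the header actually fits in the tag). The tag-count cap, the rejection of fewer than two grid points, and the sample profiles built by `good_profile()`, `oversized_clut_profile()` and `out_of_bounds_tag_profile()` are this example's own assumptions and constructed test data.

```python
import struct

ICC_HEADER_LEN = 128          # ICC.1 profile header length
TAG_ENTRY_LEN = 12            # tag table entry: signature, offset, size
MAX_TAGS = 4096               # assumption: policy cap for this validator, not an ICC limit
MAX_INPUT_CHANNELS = 15       # ICC.1 limit for lut8Type/lut16Type input channels


def check_lut_tag(name, body):
    """Bounds checks for lut8Type ('mft1') and lut16Type ('mft2') tag bodies."""
    if len(body) < 8:
        return [f"tag {name}: shorter than a tag type header"]
    ttype = body[0:4]
    if ttype not in (b"mft1", b"mft2"):
        return []                                  # other tag types are not checked here
    if len(body) < 52:
        return [f"tag {name}: lut type header truncated"]
    in_ch, out_ch, grid = body[8], body[9], body[10]
    if not (1 <= in_ch <= MAX_INPUT_CHANNELS) or out_ch == 0:
        return [f"tag {name}: bad channel counts in={in_ch} out={out_ch}"]
    if grid < 2:                                   # assumption: fewer than 2 points is not interpolable
        return [f"tag {name}: CLUT grid points {grid} below 2"]
    clut_entries = grid ** in_ch * out_ch          # Python ints do not wrap, so no overflow trick works
    if ttype == b"mft2":                           # 16-bit tables; entry counts at bytes 48-51
        n_in, n_out = struct.unpack(">HH", body[48:52])
        need = 52 + 2 * n_in * in_ch + 2 * clut_entries + 2 * n_out * out_ch
    else:                                          # 8-bit tables: fixed 256 entries per channel
        need = 48 + 256 * in_ch + clut_entries + 256 * out_ch
    if need > len(body):
        return [f"tag {name}: CLUT data needs {need} bytes, tag holds {len(body)}"]
    return []


def validate_icc(data):
    """Return a list of problems; an empty list means the profile passed every check."""
    n = len(data)
    if n < ICC_HEADER_LEN + 4:
        return ["file shorter than ICC header plus tag count"]
    problems = []
    declared = struct.unpack(">I", data[0:4])[0]
    if declared != n:
        problems.append(f"header size {declared} != actual length {n}")
    if data[36:40] != b"acsp":
        problems.append("missing 'acsp' signature at offset 36")
    tag_count = struct.unpack(">I", data[128:132])[0]
    if tag_count > MAX_TAGS:
        return problems + [f"tag count {tag_count} exceeds {MAX_TAGS}"]
    table_end = 132 + tag_count * TAG_ENTRY_LEN
    if table_end > n:
        return problems + ["tag table runs past end of file"]
    for i in range(tag_count):
        ent = 132 + i * TAG_ENTRY_LEN
        sig, off, size = struct.unpack(">4sII", data[ent:ent + TAG_ENTRY_LEN])
        name = sig.decode("latin-1")
        if off < table_end or off + size > n:      # also catches offset+size wrap-around attempts
            problems.append(f"tag {name}: offset {off} size {size} outside file body")
            continue
        problems.extend(check_lut_tag(name, data[off:off + size]))
    return problems


# --- constructed sample profiles (not real-world files) ---------------------

def mft2_body(in_ch, out_ch, grid, n_in=2, n_out=2):
    """Constructed lut16Type body: identity matrix, zeroed input/CLUT/output tables."""
    matrix = b"".join(struct.pack(">i", 0x10000 if i % 4 == 0 else 0) for i in range(9))
    hdr = b"mft2" + bytes(4) + bytes([in_ch, out_ch, grid, 0]) + matrix
    hdr += struct.pack(">HH", n_in, n_out)
    tables = bytes(2 * n_in * in_ch + 2 * grid ** in_ch * out_ch + 2 * n_out * out_ch)
    return hdr + tables


def build_profile(tags):
    """Constructed minimal profile: header, tag table, 4-byte-aligned tag bodies."""
    header = bytearray(ICC_HEADER_LEN)
    header[36:40] = b"acsp"
    table = bytearray(struct.pack(">I", len(tags)))
    bodies = bytearray()
    off = ICC_HEADER_LEN + 4 + TAG_ENTRY_LEN * len(tags)
    for sig, body in tags:
        table += struct.pack(">4sII", sig, off, len(body))
        padded = body + bytes(-len(body) % 4)
        bodies += padded
        off += len(padded)
    header[0:4] = struct.pack(">I", ICC_HEADER_LEN + len(table) + len(bodies))
    return bytes(header + table + bodies)


def good_profile():
    return build_profile([(b"A2B0", mft2_body(3, 3, 2))])


def oversized_clut_profile():
    body = bytearray(mft2_body(3, 3, 2))
    body[10] = 255                        # claim 255^3 grid points but keep the 2^3 payload
    return build_profile([(b"A2B0", bytes(body))])


def out_of_bounds_tag_profile():
    data = bytearray(good_profile())
    data[140:144] = struct.pack(">I", 0xFFFFFFF0)   # size field of the first tag entry
    return bytes(data)


if __name__ == "__main__":
    for label, prof in [("good", good_profile()),
                        ("oversized CLUT", oversized_clut_profile()),
                        ("tag past EOF", out_of_bounds_tag_profile())]:
        print(f"{label}: {validate_icc(prof) or 'OK'}")
```

Run this on each profile before it reaches iccDEV (for example in an upload handler or a pre-processing worker) and discard anything that returns a non-empty list. The checks are deliberately structural: they reject the malformed input classes that a crafted profile must use to reach out-of-bounds heap access, without attempting to reproduce the library's own parsing, and they cover only the lut8Type/lut16Type tags, so extend `check_lut_tag` for other CLUT-carrying types if your inputs use them.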

🔍 How to Verify

Check if Vulnerable:

List the shared libraries an application loads and look for the iccDEV libraries (the exact file names depend on how the library was built and packaged, so match loosely): ldd /path/to/application | grep -i icc. For statically linked applications, check the build's dependency manifest or package metadata instead.

Check Version:

pkg-config --modversion iccdev 2>/dev/null || echo "No pkg-config entry; check the version macro in the iccDEV headers your build used (e.g. IccProfLibVer.h) or your package manager"

Verify Fix Applied:

Confirm the linked iccDEV version is 2.3.1.2 or higher using the same pkg-config, header or package-manager check, and confirm that the application was rebuilt and restarted after the update, since a running process keeps the old library mapped until it restarts.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults in color processing functions
  • Memory corruption errors in application logs

Network Indicators:

  • Unusual ICC profile uploads to web applications
  • Large or malformed ICC files in network traffic

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "heap overflow" OR "heap-buffer-overflow" OR "CIccCLUT")

🔗 References

  • Vendor advisory (GitHub Security Advisory): https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-qv2w-mq3g-73gv
