CVE-2026-31795
📋 TL;DR
A stack buffer overflow vulnerability in iccDEV's CIccXform3DLut::Apply() function allows attackers to corrupt stack memory or cause crashes. This affects all systems using iccDEV libraries/tools for ICC color management prior to version 2.3.1.5. Applications processing untrusted ICC profiles are particularly vulnerable.
💻 Affected Systems
- iccDEV libraries and tools
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise if the overflow can be controlled to execute arbitrary code.
Likely Case
Application crashes (denial of service) when processing malicious ICC profiles, potentially disrupting color management workflows.
If Mitigated
Limited to denial of service if exploit control is insufficient for code execution or if memory protections are enabled.
🎯 Exploit Status
Exploitation requires crafting a malicious ICC profile. No public exploit code has been identified, but the vulnerability details are public.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.1.5
Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wh5x-j6pq-pr3c
Restart Required: Yes
Instructions:
1. Download iccDEV v2.3.1.5 from GitHub releases.
2. Replace existing iccDEV installation with patched version.
3. Rebuild/redeploy any applications using iccDEV libraries.
4. Restart affected services.
🔧 Temporary Workarounds
Input validation for ICC profiles
All platforms: Implement strict validation of ICC profile files before processing with iccDEV libraries
Memory protection hardening
All platforms: Enable ASLR, DEP, and stack canaries to reduce exploit effectiveness
For Linux: sysctl -w kernel.randomize_va_space=2
For Windows: Enable Data Execution Prevention (DEP) via System Properties
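One way to implement the "Input validation for ICC profiles" workaround is a structural pre-filter that runs before a file reaches iccDEV. This is an added example, not code from iccDEV or the advisory: it checks only the generic ICC container layout (header size field, 'acsp' signature, tag table bounds), so it rejects malformed files but does not replace the 2.3.1.5 fix. The function names and the two policy caps are assumptions, and the sample input is constructed.

```python
import struct

HEADER_LEN = 128                       # fixed ICC header size
TAG_ENTRY_LEN = 12                     # signature, offset, size (4 bytes each)
MAX_PROFILE_BYTES = 16 * 1024 * 1024   # assumed local policy cap
MAX_TAGS = 256                         # assumed local policy cap


def check_icc_structure(data):
    """Return a list of structural problems; an empty list means the file passed."""
    if len(data) < HEADER_LEN + 4:
        return ["file shorter than header plus tag count"]
    problems = []
    if len(data) > MAX_PROFILE_BYTES:
        problems.append("file exceeds policy size cap")
    (declared,) = struct.unpack_from(">I", data, 0)
    if declared != len(data):
        problems.append(f"declared size {declared} != file size {len(data)}")
    if data[36:40] != b"acsp":
        problems.append("missing 'acsp' signature at offset 36")
    (count,) = struct.unpack_from(">I", data, HEADER_LEN)
    table_end = HEADER_LEN + 4 + count * TAG_ENTRY_LEN
    if count > MAX_TAGS or table_end > len(data):
        problems.append(f"tag count {count} does not fit the file or policy")
        return problems  # tag entries cannot be read safely past this point
    for i in range(count):
        entry_at = HEADER_LEN + 4 + i * TAG_ENTRY_LEN
        sig, off, size = struct.unpack_from(">4sII", data, entry_at)
        name = sig.decode("ascii", "replace")
        if off < table_end:
            problems.append(f"tag {name}: offset {off} overlaps header or tag table")
        # Tag data starts with a 4-byte type signature and 4 reserved bytes.
        if size < 8 or off + size > len(data):
            problems.append(f"tag {name}: data [{off}, {off + size}) outside file")
    return problems


def build_sample(tags, payload_len=16):
    """Constructed test input (not a real profile): header, tag table, zero payload."""
    table_end = HEADER_LEN + 4 + len(tags) * TAG_ENTRY_LEN
    blob = bytearray(table_end + payload_len)
    struct.pack_into(">I", blob, 0, len(blob))
    blob[36:40] = b"acsp"
    struct.pack_into(">I", blob, HEADER_LEN, len(tags))
    for i, tag in enumerate(tags):
        struct.pack_into(">4sII", blob, HEADER_LEN + 4 + i * TAG_ENTRY_LEN, *tag)
    return bytes(blob)
```

Files that return a non-empty list should be quarantined rather than passed to the color management pipeline.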
🧯 If You Can't Patch
- Implement network segmentation to isolate systems using iccDEV from untrusted networks.
- Deploy application allowlisting to prevent execution of unauthorized code if exploitation occurs.
🔍 How to Verify
Check if Vulnerable:
Check the iccDEV version: versions earlier than 2.3.1.5 are vulnerable. Review application dependencies for iccDEV usage.
Check Version:
For command-line tools: iccdev --version or check library version in application build configuration
Verify Fix Applied:
Confirm iccDEV version is 2.3.1.5 or later. Test with known ICC profiles to ensure normal functionality.
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults or access violations when processing ICC profiles
- Unexpected termination of color management processes
Network Indicators:
- Unusual network traffic to/from systems processing ICC profiles
- Uploads of ICC profile files to web applications
SIEM Query:
Application crashes (EventID 1000 or 1001) in processes whose name contains 'icc' or 'color':
(EventID=1000 OR EventID=1001) AND (ProcessName contains 'icc' OR ProcessName contains 'color')
🔗 References
- https://github.com/InternationalColorConsortium/iccDEV/issues/649
- https://github.com/InternationalColorConsortium/iccDEV/pull/655
- https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wh5x-j6pq-pr3c