CVE-2026-31796

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.

Vulnerability Details

Published Date

March 10, 2026

Last Modified

March 13, 2026

CWE ID

CWE-122

Source

NVD

Vendor

InternationalColorConsortium

Product

iccDEV

External References

https://github.com/InternationalColorConsortium/iccDEV/issues/651
https://github.com/InternationalColorConsortium/iccDEV/pull/658
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mv6h-vpcg-pwfx

CVE-2026-31796

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment