CVE-2026-31794

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-31794
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d() causing a denial of service. This vulnerability is fixed in 2.3.1.5.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/InternationalColorConsortium/iccDEV/issues/645 Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/653 Issue Tracking Patch
https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5 Product
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6jrq-wfqg-wv7w Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
History

13 Mar 2026, 20:30

Type Values Removed Values Added
First Time Color
Color iccdev
CPE cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
References () https://github.com/InternationalColorConsortium/iccDEV/issues/645 - () https://github.com/InternationalColorConsortium/iccDEV/issues/645 - Issue Tracking
References () https://github.com/InternationalColorConsortium/iccDEV/pull/653 - () https://github.com/InternationalColorConsortium/iccDEV/pull/653 - Issue Tracking, Patch
References () https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5 - () https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.5 - Product
References () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6jrq-wfqg-wv7w - () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6jrq-wfqg-wv7w - Patch, Vendor Advisory

11 Mar 2026, 13:53

Type Values Removed Values Added
Summary
  • (es) iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Antes de 2.3.1.5, existe un fallo de segmentación por lectura de puntero inválido/erróneo en CIccCLUT::Interp3d() que causa una denegación de servicio. Esta vulnerabilidad está corregida en 2.3.1.5.

10 Mar 2026, 18:18

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-10 18:18

Updated : 2026-03-13 20:30

NVD link : CVE-2026-31794

Mitre link : CVE-2026-31794

CVE.ORG link : CVE-2026-31794

JSON object : View

Products Affected

color

  • iccdev
CWE
CWE-125

Out-of-bounds Read

CWE-703

Improper Check or Handling of Exceptional Conditions