CVE-2026-22861 · HIGH 8.8 · EPSS p43.7%


Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to version 2.3.1.2, there is a heap-based buffer overflow in SIccCalcOp::Describe() in IccProfLib/IccMpeCalc.cpp. This vulnerability affects users of the iccDEV library who process ICC color profiles. The vulnerability is fixed in version 2.3.1.2.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.59% probability of exploitation · percentile 43.7% · 2026-06-18T12:00:27Z
Published: 2026-01-13
Last modified: 2026-01-16

Underlying weaknesses · 4

CWE-120, CWE-130, CWE-252, CWE-787

References

  1. https://github.com/InternationalColorConsortium/iccDEV/commit/fa9a364c01fc2e59eb2291e1f9b1c1359b7d5329
  2. https://github.com/InternationalColorConsortium/iccDEV/pull/475
  3. https://github.com/InternationalColorConsortium/iccDEV/pull/476
  4. https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-vr49-3vf8-7j5h


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') · cwe-120 | 0% | live |
| Weakness | Improper Handling of Length Parameter Inconsistency · cwe-130 | 0% | live |
| Weakness | Unchecked Return Value · cwe-252 | 0% | live |
| Weakness | Out-of-bounds Write · cwe-787 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-22047
  2. CVE-2026-22255
  3. CVE-2026-22046
  4. CVE-2026-21682
  5. CVE-2026-24405
  6. CVE-2026-21679

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.