Security

Report a vulnerability

SECURITY.md

Reporting Security Issues

The International Color Consoritum (ICC) takes security very seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

The ICC will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Type Confusion in ToXmlCurve() at IccXML/IccLibXML/IccMpeXml.cpp
GHSA-2pjj-3c98-qp37 published Jan 4, 2026 by xsscx

High
Type Confusion in CIccSegmentedCurveXml::ToXml() at IccXML/IccLibXML/IccMpeXml.cpp
GHSA-v3q7-7hw6-6jq8 published Jan 4, 2026 by xsscx

High
Type Confusion in ToXmlCurve() at IccXML/IccLibXML/IccMpeXml.cpp
GHSA-7662-mf46-wr88 published Jan 4, 2026 by xsscx

High
Type Confusion in CIccTag:IsTypeCompressed()
GHSA-c9q5-x498-jv92 published Jan 4, 2026 by xsscx

Moderate
Type Confusion in CIccTagXmlTagData::ToXml()
GHSA-2f26-vh48-38g6 published Jan 4, 2026 by xsscx

Moderate
Type Confusion in CIccProfileXml::ParseBasic() at IccXML/IccLibXML/IccProfileXml.cpp
GHSA-5rqc-w93q-589m published Jan 4, 2026 by xsscx

Moderate
Type Confusion in SIccCalcOp::ArgsPushed() at IccProfLib/IccMpeCalc.cpp
GHSA-3r2x-j7v3-pg6f published Jan 4, 2026 by xsscx

High
Heap Buffer Overflow in IccTagXml()
GHSA-xqq3-g894-w2h5 published Jan 3, 2026 by xsscx

High
Undefined Behavior in CIccTagCurve::CIccTagCurve()
GHSA-prmm-g479-4fv7 published Jan 3, 2026 by xsscx

High
Undefined Behavior in CIccTagLutAtoB::Validate()
GHSA-792q-cqq9-mq4x published Jan 3, 2026 by xsscx

High

Learn more about advisories related to InternationalColorConsortium/iccDEV in the GitHub Advisory Database