CVE-2026-31797 is a heap out-of-bounds read vulnerability identified in the InternationalColorConsortium's iccDEV library, specifically in the CTiffImg::ReadLine() function. This vulnerability arises when iccApplyProfiles processes a specially crafted TIFF image, leading to reading beyond the allocated heap memory boundaries. Such out-of-bounds reads can cause unintended memory disclosure, potentially leaking sensitive information, or trigger application crashes, resulting in denial of service. The flaw is classified under CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write), though the primary impact here is a read. The vulnerability affects all iccDEV versions before 2.3.1.5 and requires local access with user interaction to exploit, as the attacker must supply or induce processing of a malicious TIFF file. The CVSS v3.1 base score is 6.1, reflecting medium severity, with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), low confidentiality impact (C:L), no integrity impact (I:N), and high availability impact (A:H). No public exploits or widespread attacks have been reported to date. The vulnerability is mitigated by upgrading to iccDEV version 2.3.1.5 or later, where the issue has been resolved.

The primary impact of CVE-2026-31797 is potential memory disclosure and application crashes during the processing of crafted TIFF images using iccDEV. For organizations, this can lead to denial of service conditions in image processing workflows, potentially disrupting services that rely on ICC color profile application, such as printing, digital imaging, and color management systems. Memory disclosure, while limited in scope, could expose sensitive information residing in adjacent memory regions, posing confidentiality risks. Since exploitation requires local access and user interaction, remote exploitation is unlikely, limiting the threat to environments where untrusted TIFF files are processed locally or by users. However, in environments with automated image processing pipelines that accept user-supplied images, this vulnerability could be leveraged to cause crashes or leak memory contents. The absence of known exploits reduces immediate risk, but the vulnerability's presence in widely used color management libraries means that affected organizations should prioritize patching to avoid potential future exploitation.

To mitigate CVE-2026-31797, organizations should immediately upgrade iccDEV to version 2.3.1.5 or later, where the vulnerability is fixed. Additionally, implement strict input validation and sanitization for TIFF images before processing them with iccDEV to reduce the risk of crafted files triggering the vulnerability. Employ application-level sandboxing or containerization for image processing tasks to limit the impact of potential crashes or memory disclosures. Monitor and restrict local user access to systems performing ICC profile applications, especially in multi-user environments, to minimize exposure. Incorporate file integrity monitoring and scanning for anomalous TIFF files to detect potential exploitation attempts. Finally, maintain up-to-date software inventories and vulnerability management processes to ensure timely application of patches for iccDEV and related dependencies.