H02332

**Name of the Vulnerable Software and Affected Versions** libIccProfLib2 version 2.1.15 International Color Consortium DemoIccMAX version 79ecb74 **Description** The issue is related to a NULL pointer dereference in the `CIccXformMatrixTRC::GetCurve` method within the `IccCmm.cpp` file. This occurs when processing a maliciously crafted input. The `GetCurve` method is part of the `CIccXformMatrixTRC` class. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For libIccProfLib2 version 2.1.15, consider disabling the `CIccXformMatrixTRC::GetCurve` method until a patch is available. For International Color Consortium DemoIccMAX version 79ecb74, restrict access to the `IccCmm.cpp` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.