Firstly, the bug was in fact a double free, so there is
no chance of arbitrary code execution unless your
systems malloc library is very buggy.
Secondly, the bug was present in a single utility,
iccdump, and is not a bug in icclib, and therefore
does not affect general ICC profile access
(ie. it affected no other programs other than iccdump in ArgyllCMS).
Thirdly, this was fixed in ArgllCMS Release 1.4.0 released
on 20th April, nearly a month ago.