CVE-2026-25502

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2.

Vulnerability Details

Published Date

February 03, 2026

Last Modified

February 10, 2026

CWE ID

CWE-121

Source

NVD

Vendor

InternationalColorConsortium

Product

iccDEV

External References

https://github.com/InternationalColorConsortium/iccDEV/commit/be5d7ec5cc137c084c08006aee8cd3ed378c7ac2
https://github.com/InternationalColorConsortium/iccDEV/issues/537
https://github.com/InternationalColorConsortium/iccDEV/pull/545
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2qq-jf7w-rm27

CVE-2026-25502

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment