CVE-2026-25503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causing denial of service. This issue has been patched in version 2.3.1.2.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/353e6517a31cb6ac9fdd44ac0103bc2fadb25175	Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/539	Exploit Issue Tracking Vendor Advisory
https://github.com/InternationalColorConsortium/iccDEV/pull/547	Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pf84-4c7q-x764	Patch Vendor Advisory
https://github.com/InternationalColorConsortium/iccDEV/issues/539	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-03 19:16

Updated : 2026-02-10 16:18

NVD link : CVE-2026-25503

Mitre link : CVE-2026-25503

CVE.ORG link : CVE-2026-25503

JSON object : View

Products Affected

color

iccdev

CWE

CWE-704

Incorrect Type Conversion or Cast

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

{"id": "CVE-2026-25503", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2026-02-03T19:16:27.127", "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/353e6517a31cb6ac9fdd44ac0103bc2fadb25175", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/539", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/547", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pf84-4c7q-x764", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/539", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-704"}, {"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causing denial of service. This issue has been patched in version 2.3.1.2."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de librer\u00edas y herramientas que permiten la interacci\u00f3n, manipulaci\u00f3n y aplicaci\u00f3n de perfiles de gesti\u00f3n de color ICC. Antes de la versi\u00f3n 2.3.1.2, una confusi\u00f3n de tipos permit\u00eda a perfiles ICC malformados desencadenar un comportamiento indefinido al cargar valores de icImageEncodingType no v\u00e1lidos, causando una denegaci\u00f3n de servicio. Este problema ha sido parcheado en la versi\u00f3n 2.3.1.2."}], "lastModified": "2026-02-10T16:18:55.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D34CF745-E75A-4F1C-AD7B-9AC1A2E9F680", "versionEndExcluding": "2.3.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}