CVE-2026-25582

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/b5e5dd238f609ec1a4efb25674e7fa4bd29d894a	Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/559	Exploit Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/561	Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-46hq-fphp-jggf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-04 22:16

Updated : 2026-02-18 18:48

NVD link : CVE-2026-25582

Mitre link : CVE-2026-25582

CVE.ORG link : CVE-2026-25582

JSON object : View

Products Affected

color

iccdev

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2026-25582", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-02-04T22:16:01.393", "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/b5e5dd238f609ec1a4efb25674e7fa4bd29d894a", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/559", "tags": ["Exploit", "Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/561", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-46hq-fphp-jggf", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de librer\u00edas y herramientas que permiten la interacci\u00f3n, manipulaci\u00f3n y aplicaci\u00f3n de perfiles de gesti\u00f3n de color ICC. Antes de la versi\u00f3n 2.3.1.3, existe una vulnerabilidad de desbordamiento de b\u00fafer de mont\u00f3n (lectura) en CIccIO::WriteUInt16Float() al convertir XML malformado a perfiles ICC a trav\u00e9s de la herramienta iccFromXml. Este problema ha sido parcheado en la versi\u00f3n 2.3.1.3."}], "lastModified": "2026-02-18T18:48:30.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35AA9083-F043-455B-85D4-E21897D1C8A7", "versionEndExcluding": "2.3.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}