CVE-2026-25582

Summary

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3.

Affected Software

VendorProductVersion RangeStatus
InternationalColorConsortiumiccDEV< 2.3.1.3affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow
  • CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References