anonhaven
Ad

CVE-2026-25582

HIGH CVSS 3.1: 7.8 EPSS 0.00%
Updated Feb 05, 2026
iccDEV
Parameter Value
CVSS 7.8 (HIGH)
Fixed In 2.3.1.3
Type CWE-122 (Heap-based Buffer Overflow (Переполнение буфера в куче)), CWE-119 (Buffer Overflow (Переполнение буфера)), CWE-787 (Out-of-bounds Write (Запись за границами))
Vendor iccDEV
Public PoC No

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3.

Attack Parameters

Attack Vector
Local
Нужен локальный доступ
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
None
Права не нужны
User Interaction
Required
Нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
High
Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-122 Heap-based Buffer Overflow (Переполнение буфера в куче)
CWE-119 Buffer Overflow (Переполнение буфера)
CWE-787 Out-of-bounds Write (Запись за границами)

References 4

https://github.com/InternationalColorConsortium/iccDEV/commit/b5e5dd238f609ec1a…
security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/issues/559
security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/pull/561
security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA…
security-advisories@github.com
Share Post Share Share Share