iccDEV vulnerable to Stack-based Buffer Overflow in CIccTagFloatNum::GetValues()_CVE-2026-25584

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC profile. The vulnerability allows an out-of-bounds write on the stack, potentially leading to memory corruption, information disclosure, or code execution when processing specially crafted ICC files. This issue has been patched in version 2.3.1.3.

Basic Information

ID CVE-2026-25584

Source GitHub_M

Published Feb 4, 2026 at 22:11

Affected Product

Vendor InternationalColorConsortium

Product iccDEV

Version < 2.3.1.3

Affected Versions InternationalColorConsortium iccDEV < 2.3.1.3

CWE Classification

CWE-119 CWE-121 CWE-787 CWE-788

References

{
    "lastseen": "",
    "description": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC profile. The vulnerability allows an out-of-bounds write on the stack, potentially leading to memory corruption, information disclosure, or code execution when processing specially crafted ICC files. This issue has been patched in version 2.3.1.3.",
    "published": "2026-02-04T22:11:10.830Z",
    "modified": "2026-02-04T22:11:10.830Z",
    "type": "cve",
    "title": "iccDEV vulnerable to Stack-based Buffer Overflow in CIccTagFloatNum::GetValues()",
    "source": "GitHub_M",
    "references": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xjr3-v3vr-5794\nhttps://github.com/InternationalColorConsortium/iccDEV/issues/551\nhttps://github.com/InternationalColorConsortium/iccDEV/pull/565\nhttps://github.com/InternationalColorConsortium/iccDEV/commit/c9cb108f58683bd87afca616dea3e4cdb884c23f",
    "id": "CVE-2026-25584",
    "bulletinFamily": "",
    "cwe": [
        "CWE-119",
        "CWE-121",
        "CWE-787",
        "CWE-788"
    ],
    "cvelist": null,
    "sourceData": "InternationalColorConsortium iccDEV < 2.3.1.3",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iccDEV",
    "version": "< 2.3.1.3",
    "vendor": "InternationalColorConsortium",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}