Description

iccDEV provides a set of libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Prior to version 2.3.1.2, a stack-based buffer overflow in the icFixXml() function, triggered when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2.

PUBLISHED Reserved 2026-02-02 | Published 2026-02-03 | Updated 2026-02-04 | Assigner GitHub_M




HIGH: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Problem types

CWE-121: Stack-based Buffer Overflow

CWE-787: Out-of-bounds Write

Product status

< 2.3.1.2
affected

References

github.com/InternationalColorConsortium/iccDEV/issues/537 exploit

github.com/...iccDEV/security/advisories/GHSA-c2qq-jf7w-rm27

github.com/InternationalColorConsortium/iccDEV/issues/537

github.com/InternationalColorConsortium/iccDEV/pull/545

github.com/...ommit/be5d7ec5cc137c084c08006aee8cd3ed378c7ac2

cve.org (CVE-2026-25502)

nvd.nist.gov (CVE-2026-25502)
