CVE-2026-25502 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.…
High CVSS: 7.8

CVE-2026-25502

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2.
Vendor
Color
Product
Iccdev
CWE
CWE-121
Yayın Tarihi
2026-02-03 19:16:26
Güncelleme
2026-02-10 16:18:43
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-121 Iccdev HIGH Color 2026

Referanslar

https://github.com/InternationalColorConsortium/iccDEV/commit/be5d7ec5cc137c084c08006aee8cd3ed378c7ac2 https://github.com/InternationalColorConsortium/iccDEV/issues/537 https://github.com/InternationalColorConsortium/iccDEV/pull/545 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2qq-jf7w-rm27 https://github.com/InternationalColorConsortium/iccDEV/issues/537