top of page
perceptive_background_267k.jpg

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.…

Published:

3 February 2026 at 23:00:00

Alert date:

4 February 2026 at 23:02:35

Source:

nvd.nist.gov

Click to open the original link from this advisory

Supply Chain & Dependencies

A heap buffer overflow vulnerability exists in iccDEV's CIccIO::WriteUInt16Float() function when converting malformed XML to ICC profiles using the iccFromXml tool. The vulnerability affects versions prior to 2.3.1.3 and has been patched in version 2.3.1.3. iccDEV provides libraries and tools for ICC color management profile interaction and manipulation. The vulnerability is triggered when processing malformed XML input during ICC profile conversion operations.

Technical details

Mitigation steps:

Affected products:

iccDEV

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-25582
https://github.com/InternationalColorConsortium/iccDEV/commit/b5e5dd238f609ec1a4efb25674e7fa4bd29d894a
https://github.com/InternationalColorConsortium/iccDEV/issues/559
https://github.com/InternationalColorConsortium/iccDEV/pull/561
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-46hq-fphp-jggf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page