← Voltar para CVEs

CVE-2026-25585

HIGH

7.8

Descricao

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile triggers improper array bounds validation in the color management module, resulting in an out-of-bounds read that can lead to memory disclosure or segmentation fault from accessing memory beyond the array boundary. This issue has been patched in version 2.3.1.3.

Detalhes CVE

Pontuacao CVSS v3.17.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado2/4/2026

Ultima modificacao2/18/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

color:iccdev

Fraquezas (CWE)

CWE-119CWE-125CWE-129CWE-787CWE-125

Referencias

https://github.com/InternationalColorConsortium/iccDEV/commit/ba81cd94b9c82b1d3905d45427badbd9d8adfa15(security-advisories@github.com)

https://github.com/InternationalColorConsortium/iccDEV/issues/552(security-advisories@github.com)

https://github.com/InternationalColorConsortium/iccDEV/pull/563(security-advisories@github.com)

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pmqx-q624-jg6w(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.