ГлавнаяУязвимости → CVE-2026-25502
7.8высокая

CVE-2026-25502

Описание

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2.

Затрагиваемое ПО
Color Iccdev
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/InternationalColorConsortium/iccDEV/commit/be5d7ec5cc137c084c08006aee8cd3ed378c7ac2https://github.com/InternationalColorConsortium/iccDEV/issues/537https://github.com/InternationalColorConsortium/iccDEV/pull/545https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2qq-jf7w-rm27https://github.com/InternationalColorConsortium/iccDEV/issues/537