CVE-2026-25584

7.8 HIGH

📋 TL;DR

A stack buffer overflow in iccDEV's CIccTagFloatNum::GetValues() function lets a malformed ICC color profile corrupt memory while the profile is being parsed. This could lead to information disclosure or remote code execution. Any application that uses the iccDEV libraries to process ICC files is affected.

💻 Affected Systems

Products:
  • iccDEV library and any software using it
Versions: All versions prior to 2.3.1.3
Operating Systems: All platforms where iccDEV is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that processes ICC color profiles using iccDEV libraries is vulnerable.

📦 What is this software?

iccDEV is the International Color Consortium's open-source reference implementation for reading, writing and applying ICC color profiles, including iccMAX profiles. Image and color-management software links it to interpret profiles embedded in files, which is why a malformed profile reaches the vulnerable code in any application built on it.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application processing the ICC file, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) or memory corruption leading to unstable behavior.

🟢 If Mitigated

Application crash with no further impact if memory protections (ASLR, DEP) are effective.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing user-uploaded ICC files, which is common in web applications handling images.
🏢 Internal Only: LOW - Requires local file processing or internal systems handling ICC files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious ICC file and getting it processed by vulnerable software.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.3

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xjr3-v3vr-5794

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.3 or later.
2. Rebuild any applications using iccDEV libraries.
3. Restart affected services.

🔧 Temporary Workarounds

Input Validation (applies to: all)

Implement strict validation of ICC files before processing

Sandbox Processing (applies to: all)

Process ICC files in isolated containers or sandboxes

🧯 If You Can't Patch

  • Restrict upload/processing of ICC files to trusted sources only
  • Implement network segmentation to limit blast radius if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check whether your application links an iccDEV version older than 2.3.1.3

Check Version:

Check build configuration or dependency files for iccDEV version

Verify Fix Applied:

Verify iccDEV version is 2.3.1.3 or higher and applications have been rebuilt
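The version check above as a POSIX shell script, added here as an example (it is not the advisory's or the iccDEV project's own code). It assumes the library version can be read as a quoted dotted number from a C header; the macro name ICCDEV_VERSION in the comments and the sample header in the test are placeholders, so point the script at whatever file carries the version in your build.

```shell
#!/bin/sh
# Added example (not from the advisory or the iccDEV project): decide whether an
# iccDEV version string predates the fixed release 2.3.1.3.
# Assumption: the version is defined in a header as a quoted dotted number, e.g.
#   #define ICCDEV_VERSION "2.3.0.9"   (hypothetical macro name, constructed sample)

FIXED_VERSION="2.3.1.3"

# part VERSION N: print the Nth dot-separated component of VERSION, or nothing
# if VERSION has fewer than N components.
part() {
    v="$1."; i=$2
    while [ "$i" -gt 1 ]; do v=${v#*.}; i=$((i - 1)); done
    printf '%s' "${v%%.*}"
}

# version_lt A B: exit 0 if A < B, comparing up to four numeric components.
# Missing components count as 0, so "2.3.1" sorts below "2.3.1.3"; an optional
# leading "v" is stripped; anything non-numeric is rejected with status 2.
version_lt() {
    lhs=${1#v} rhs=${2#v}
    for v in "$lhs" "$rhs"; do
        case "$v" in *[!0-9.]*|"") printf 'invalid version: %s\n' "$v" >&2; return 2 ;; esac
    done
    i=1
    while [ "$i" -le 4 ]; do
        x=$(part "$lhs" "$i"); y=$(part "$rhs" "$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1   # equal
}

# version_from_header FILE: print the first quoted dotted version found in FILE.
version_from_header() {
    grep -o '"[0-9][0-9.]*"' "$1" | head -n 1 | tr -d '"'
}

# iccdev_vulnerable VERSION: exit 0 (and say so) if VERSION is below the fix.
iccdev_vulnerable() {
    if version_lt "$1" "$FIXED_VERSION"; then
        printf 'iccDEV %s is affected by CVE-2026-25584; update to %s or later\n' "$1" "$FIXED_VERSION"
        return 0
    fi
    printf 'iccDEV %s is not affected by CVE-2026-25584\n' "$1"
    return 1
}

# Usage: ./check_iccdev.sh path/to/version_header.h
if [ -n "${1-}" ]; then
    iccdev_vulnerable "$(version_from_header "$1")"
fi
```

Run it against the header from each build that links iccDEV, and repeat after rebuilding to confirm the linked version is 2.3.1.3 or later.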

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing image files
  • Memory access violation errors

Network Indicators:

  • Unexpected ICC file uploads to web applications

SIEM Query:

Search for process crashes related to image processing or ICC file handling

🔗 References

  • Vendor advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xjr3-v3vr-5794