CVE-2026-25585

7.8 HIGH

📋 TL;DR

This vulnerability in iccDEV allows attackers to trigger an out-of-bounds read by providing a malformed ICC color profile. This can lead to memory disclosure or cause the application to crash with a segmentation fault. Any application using iccDEV libraries for ICC profile processing is affected.

💻 Affected Systems

Products:
  • iccDEV library and any software using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.3
Operating Systems: All platforms where iccDEV is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that processes ICC color profiles using iccDEV libraries is vulnerable by default when handling untrusted input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory disclosure could leak sensitive information from the application's memory space, potentially exposing credentials, keys, or other confidential data.

🟠 Likely Case

Application crashes (segmentation fault) causing denial of service and potential data loss in processing workflows.

🟢 If Mitigated

With proper input validation and memory protection mechanisms, the impact is limited to application crashes without data leakage.

🌐 Internet-Facing: MEDIUM - Applications accepting untrusted ICC profiles from external sources are at risk, but exploitation requires specific malformed input.
🏢 Internal Only: LOW - Internal systems processing trusted ICC profiles have minimal exposure unless processing user-uploaded content.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a specific malformed ICC profile, but no authentication is needed if the application processes external profiles.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.3

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pmqx-q624-jg6w

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.3 or later.
2. Rebuild any applications using iccDEV libraries.
3. Restart affected services or applications.

🔧 Temporary Workarounds

Input validation for ICC profiles (platform: all)

Implement strict validation of ICC profile headers and structure before processing.

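Memory protection controls (platform: linux)

Enable ASLR and other memory protection mechanisms to reduce the impact of memory disclosure. Run as root:

echo 2 > /proc/sys/kernel/randomize_va_space

The value 2 (full randomization) is already the default on most current distributions. A value written to /proc does not persist across reboots unless kernel.randomize_va_space = 2 is also set in the sysctl configuration. ASLR does not prevent the out-of-bounds read itself; it only makes leaked addresses less useful.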

🧯 If You Can't Patch

  • Restrict ICC profile processing to trusted sources only
  • Implement application-level sandboxing or containerization to limit impact of crashes

🔍 How to Verify

Check if Vulnerable:

Check if iccDEV version is below 2.3.1.3 in your application dependencies or linked libraries

Check Version:

iccdev --version or check library version in application build configuration

Verify Fix Applied:

Verify iccDEV version is 2.3.1.3 or higher and test with known malformed ICC profiles

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors
  • Memory access violation logs
  • Application crashes during ICC profile processing

Network Indicators:

  • Unusual ICC profile uploads
  • Repeated failed ICC processing requests

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "access violation") AND "icc"
