CVE-2026-25634

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

19 Feb 2026, 17:55

Type Values Removed Values Added
CWE CWE-787
CPE cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*
First Time Color
Color iccdev
References () https://github.com/InternationalColorConsortium/iccDEV/commit/9206e0b8684e4cf4186d9ae768f16760bc1af9ff - () https://github.com/InternationalColorConsortium/iccDEV/commit/9206e0b8684e4cf4186d9ae768f16760bc1af9ff - Patch
References () https://github.com/InternationalColorConsortium/iccDEV/issues/577 - () https://github.com/InternationalColorConsortium/iccDEV/issues/577 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/InternationalColorConsortium/iccDEV/pull/579 - () https://github.com/InternationalColorConsortium/iccDEV/pull/579 - Issue Tracking
References () https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.4 - () https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.4 - Product, Release Notes
References () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-35rg-jcmp-583h - () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-35rg-jcmp-583h - Third Party Advisory

06 Feb 2026, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-06 21:16

Updated : 2026-02-19 17:55


NVD link : CVE-2026-25634

Mitre link : CVE-2026-25634

CVE.ORG link : CVE-2026-25634


JSON object : View

Products Affected

color

  • iccdev
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-123

Write-what-where Condition

CWE-628

Function Call with Incorrectly Specified Arguments

CWE-682

Incorrect Calculation

CWE-787

Out-of-bounds Write