CVE-2026-25502
Stack-Based Buffer Overflow in iccDEV Allows Code Execution
Publication date: 2026-02-03
Last updated on: 2026-02-10
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | < 2.3.1.2 (2.3.1.2 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25502 is a stack-based buffer overflow vulnerability in the icFixXml() function of the iccDEV library, which is used for handling ICC color management profiles.
The vulnerability occurs because the function improperly processes certain malformed ICC profiles, specifically crafted NamedColor2 tags, where a string (rootName) is not guaranteed to be null-terminated. This leads to writing beyond the allocated stack buffer, causing memory corruption.
This buffer overflow can be triggered when converting ICC profiles to XML format, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
The issue was fixed in version 2.3.1.2 by ensuring proper null-termination of the string to prevent overflow.
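An added illustration of the bug class described above (not iccDEV's own code; the tag layout and function names are assumptions): a fixed 32-byte rootName field that nothing guarantees is null-terminated, the unbounded-copy pattern that turns such a field into a stack-based overflow, and beside it the check and the bounded, always-terminated copy a parser should use instead.

```c
#include <string.h>

/* Illustrative layout (an assumption, not iccDEV's own types) of the part of
 * an ICC NamedColor2 tag that matters here: rootName is a fixed 32-byte ASCII
 * field that the ICC spec requires to be null-terminated, but nothing in the
 * file format enforces that, so a malformed profile can fill all 32 bytes. */
#define ROOT_NAME_LEN 32

struct named_color2_prefix {
    char rootName[ROOT_NAME_LEN];
    char trailing[8]; /* whatever follows rootName in the tag */
};

/* Constructed malformed tag: 32 non-zero bytes with no terminator, followed by
 * more non-zero bytes, so a strlen() on rootName would run off the field. */
const struct named_color2_prefix malformed_tag = {
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", /* exactly 32 chars: no '\0' is stored */
    "BBBBBBB"
};

/* Constructed well-formed tag for comparison. */
const struct named_color2_prefix good_tag = { "PANTONE", "" };

/* The bug class (pattern only, not the project's function): rootName is
 * treated as a C string and copied into a fixed stack buffer. With the
 * malformed tag strlen() runs past the field and strcpy() writes past 'tmp'
 * (CWE-121). Shown for contrast; nothing below calls it. */
void to_xml_vulnerable_pattern(const struct named_color2_prefix *t) {
    char tmp[ROOT_NAME_LEN];
    strcpy(tmp, t->rootName);
}

/* Check for parsed tag data: is rootName terminated within its 32 bytes?
 * Returns 1 for a well-formed field, 0 for a malformed one. */
int root_name_is_terminated(const struct named_color2_prefix *t) {
    return memchr(t->rootName, '\0', ROOT_NAME_LEN) != NULL;
}

/* Hardened copy: bounded by the field size and by the destination, and the
 * destination is always terminated whatever the input. Returns the number of
 * bytes copied, or -1 when the destination cannot hold 32 bytes plus '\0'. */
int copy_root_name(const struct named_color2_prefix *t, char *dst, size_t dst_len) {
    if (dst_len < ROOT_NAME_LEN + 1) return -1;
    const char *nul = memchr(t->rootName, '\0', ROOT_NAME_LEN);
    size_t n = nul ? (size_t)(nul - t->rootName) : ROOT_NAME_LEN;
    memcpy(dst, t->rootName, n);
    dst[n] = '\0';
    return (int)n;
}
```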
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-25502 is a stack-based buffer overflow vulnerability that allows potential arbitrary code execution when processing malformed ICC profiles. This can lead to unauthorized code execution, denial of service, and memory corruption in affected systems.
While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the high impact on confidentiality, integrity, and availability (as indicated by the CVSS score) implies that exploitation could compromise sensitive data or system reliability.
Therefore, organizations subject to regulations requiring protection of personal or sensitive data (e.g., GDPR, HIPAA) should consider this vulnerability a risk to compliance, as successful exploitation could lead to data breaches or system outages that violate these standards.
How can this vulnerability impact me?
This vulnerability can have several impacts if exploited:
- Arbitrary code execution: An attacker can craft a malicious ICC profile that triggers the buffer overflow, potentially allowing execution of arbitrary code within the vulnerable application.
- Denial of service: The overflow can cause memory corruption leading to crashes or instability in applications processing ICC profiles.
- Bypassing application logic: Since ICC profiles contain metadata used by image-processing libraries, manipulating them can bypass logic relying on profile data.
The vulnerability requires local access and user interaction to exploit, but no special privileges are needed.
Overall, it poses a high impact on confidentiality, integrity, and availability of affected systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the processing of ICC profiles with the vulnerable iccDEV library, specifically by converting crafted ICC profile files that trigger the stack-based buffer overflow in the icFixXml() function.
A practical detection method involves using the iccToXml tool from iccDEV to convert a specially crafted ICC profile file that triggers the overflow. If the tool crashes or reports a stack-buffer-overflow error (e.g., detected by AddressSanitizer), the vulnerability is present.
Suggested command example to detect the vulnerability (assuming you have the PoC ICC file named stack-buffer-overflow-icFixXml-CIccTagXmlNamedColor2-ToXml-IccUtilXml_cpp-Line333.icc):
- Run the iccToXml tool on the crafted ICC file: ./iccToXml stack-buffer-overflow-icFixXml-CIccTagXmlNamedColor2-ToXml-IccUtilXml_cpp-Line333.icc
If iccDEV was built with AddressSanitizer or UndefinedBehaviorSanitizer enabled, the tool will report a stack-buffer-overflow error, indicating the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade the iccDEV library to version 2.3.1.2 or later, where the vulnerability has been patched.
No workarounds are provided, so applying the official patch or upgrading to the fixed version is necessary to prevent exploitation.
Additionally, avoid processing untrusted or malformed ICC profiles until the update is applied to reduce the risk of exploitation.