CVE-2026-25634
Unknown Unknown - Not Provided
Stack Buffer Overlap Vulnerability in iccDEV Color Management Library

Publication date: 2026-02-06

Last updated on: 2026-02-19

Assigner: GitHub, Inc.

Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25634
EUVD
EUVD-2026-5578
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
color iccdev to 2.3.1.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-682 The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-628 The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
CWE-123 Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-25634 is a high-severity vulnerability in the iccDEV library, specifically in the function CIccTagMultiProcessElement::Apply(). The issue arises because the function uses memcpy to copy data between two stack buffers, SrcPixel and DestPixel, whose memory regions overlap. This overlap occurs due to improper validation of the size parameter controlling the copy, which is derived from the ICC profile's input channel count."}, {'type': 'paragraph', 'content': 'Because the source and destination buffers overlap during the memcpy operation, this can lead to undefined behavior such as memory corruption. The vulnerability stems from the lack of checks ensuring that the source and destination buffers do not overlap before copying.'}, {'type': 'paragraph', 'content': 'The vulnerability was fixed in version 2.3.1.4 by adding validation of channel counts before applying the color transform, relocating these checks to an earlier stage to catch invalid configurations, and returning errors instead of proceeding with unsafe memory operations.'}] [1, 2, 5]

Impact Analysis

This vulnerability can lead to memory corruption due to overlapping memcpy operations between stack buffers when processing ICC color profiles. Exploiting this flaw can cause denial of service by crashing the application or potentially enable arbitrary code execution within the vulnerable native library.

Attackers can craft malicious ICC profiles with manipulated tag tables, offsets, or size fields to trigger this vulnerability. Although the attacker cannot control the destination pointer, they can influence the size parameter, causing overlapping memory regions during the copy.

The impact includes high severity effects on confidentiality, integrity, and availability of the affected system, as indicated by the CVSS score of 7.8. Users processing ICC profiles with vulnerable versions of iccDEV are at risk.

Compliance Impact

I don't know

Detection Guidance

Detection of CVE-2026-25634 involves identifying the unsafe memcpy operation in the CIccTagMultiProcessElement::Apply() function where SrcPixel and DestPixel stack buffers overlap. This vulnerability can be detected by running the iccDEV library with AddressSanitizer and UndefinedBehaviorSanitizer enabled, which can catch memory overlaps and undefined behavior during execution.

A practical approach is to use Clang or GCC with sanitizers enabled to compile the iccDEV project and then run tests or processing of ICC profiles, especially crafted or suspicious ones, to trigger the vulnerability detection.

Example commands to detect the issue might include:

  • Compile iccDEV with sanitizers: `clang++ -fsanitize=address,undefined -g -o iccdev_test IccTagMPE.cpp ...`
  • Run the iccDEV test or profile application with a proof-of-concept ICC or TIFF file that triggers the overlap: `./iccdev_test apply-profile suspicious_profile.icc`
  • Monitor the output for AddressSanitizer reports indicating memcpy parameter overlap or memory corruption.

Additionally, reviewing logs or crash reports for memory corruption or segmentation faults during ICC profile processing can help detect exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade the iccDEV library to version 2.3.1.4 or later, where the vulnerability has been fixed by validating channel counts and preventing unsafe memcpy operations with overlapping buffers.

Until the upgrade can be applied, avoid processing untrusted or malformed ICC profiles that could exploit this vulnerability.

Implement input validation and sanitization on ICC profile data before processing to reduce the risk of triggering the vulnerability.

If possible, run the iccDEV processing in a sandboxed or restricted environment to limit the impact of potential exploitation.

Monitor for updates and security advisories from the iccDEV project and apply patches promptly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25634. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart