CVE-2026-25503

Exploit

EPSS 0.06%
Veröffentlicht 03.02.2026 18:36:29
Zuletzt bearbeitet 10.02.2026 16:18:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causing denial of service. This issue has been patched in version 2.3.1.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.187

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pf84-4c7q-x764

Patch

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/539

Vendor Advisory

Exploit

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/547

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/commit/353e6517a31cb6ac9fdd44ac0103bc2fadb25175

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-25503