CVE-2026-25583
Published: 04 February 2026
Summary
CVE-2026-25583 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 0.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and correction of flaws, directly addressing this heap buffer overflow by mandating upgrades to the patched iccDEV version 2.3.1.3.
SI-16 enforces memory protection mechanisms such as ASLR, DEP, and heap cookies that directly mitigate exploitation of heap buffer overflows like the unchecked fread in CIccFileIO::Read8().
RA-5 mandates vulnerability scanning to identify systems running vulnerable iccDEV versions prior to 2.3.1.3 affected by this CVE.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow triggered by processing a malformed ICC profile file directly maps to user-assisted execution of malicious file content for RCE.
NVD Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files…
more
via unchecked fread operation. This issue has been patched in version 2.3.1.3.
Deeper analysisAI
CVE-2026-25583 is a heap buffer overflow vulnerability in the iccDEV library, a set of tools and libraries for interacting with, manipulating, and applying ICC color management profiles. The flaw resides in the CIccFileIO::Read8() function, triggered by an unchecked fread operation when processing malformed ICC profile files. It affects iccDEV versions prior to 2.3.1.3 and is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-122 (Heap-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).
The vulnerability can be exploited by a local attacker with no required privileges who tricks a user into opening or processing a specially crafted malformed ICC profile file, necessitating user interaction. Exploitation requires low attack complexity and local access. Successful attacks can result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution, data corruption, or system crashes, as evidenced by its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Mitigation is available via an update to iccDEV version 2.3.1.3, which patches the unchecked fread issue. Security advisories and resources detail the fix, including the patching commit (https://github.com/InternationalColorConsortium/iccDEV/commit/8a6df2d8dac1e971a18be66fa36e3a0d6584f919), issue discussion (https://github.com/InternationalColorConsortium/iccDEV/issues/558), pull request (https://github.com/InternationalColorConsortium/iccDEV/pull/562), and GitHub security advisory (https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5ffg-r52h-fgw3). Practitioners should prioritize upgrading affected iccDEV deployments.
Details
- CWE(s)