CVE-2026-25584
Published: 04 February 2026
Summary
CVE-2026-25584 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 0.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly requires timely remediation of the stack-buffer-overflow flaw in iccDEV by patching to version 2.3.1.3.
- Provides memory protections such as stack canaries, ASLR, and DEP to block exploitation of the out-of-bounds stack write in CIccTagFloatNum<>::GetValues().
- Mandates validation of ICC profile inputs to detect and reject malformed files before processing triggers the buffer overflow.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A stack buffer overflow in a client-side ICC profile library enables arbitrary code execution via a crafted file opened by the user (T1204.002), which maps directly to client application exploitation (T1203).
NVD Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC profile. The vulnerability allows an out-of-bounds write on the stack, potentially leading to memory corruption, information disclosure, or code execution when processing specially crafted ICC files. This issue has been patched in version 2.3.1.3.
Deeper analysis
CVE-2026-25584 is a stack-buffer-overflow vulnerability in the iccDEV libraries and tools, which facilitate interaction, manipulation, and application of ICC color management profiles. The flaw resides in the CIccTagFloatNum<>::GetValues() function and affects versions prior to 2.3.1.3. It is triggered when processing a malformed ICC profile, resulting in an out-of-bounds write on the stack. This issue is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write), and CWE-788 (Access of Memory Location After End of Buffer), and carries a CVSS v3.1 base score of 7.8.
An attacker with local access can exploit this vulnerability by supplying a specially crafted ICC file. Attack complexity is low and user interaction is required, such as convincing a user to open or process the file in an application that uses iccDEV. No privileges are needed (PR:N). Successful exploitation could lead to stack memory corruption, information disclosure, or arbitrary code execution, with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
The vulnerability has been addressed in iccDEV version 2.3.1.3. Mitigation involves updating to this patched version, as detailed in the project's security advisory (GHSA-xjr3-v3vr-5794), the associated GitHub issue (#551), pull request (#565), and the fixing commit (c9cb108f58683bd87afca616dea3e4cdb884c23f).
Details
- CWE(s)