CNNVD-202602-278 Information

CNNVD ID

CNNVD-202602-278

CVE-2026-25502

  • CNNVD Published: 2026-02-03

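Description (translated from Chinese)

iccDEV is an open-source color profile code library from the International Color Consortium. Versions of iccDEV before 2.3.1.2 have a buffer error vulnerability, which stems from a stack-based buffer overflow in the icFixXml function when processing malformed ICC profiles and may lead to arbitrary code execution.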

Description (English)

iccDEV is an open-source color profile code library maintained by the International Color Consortium. Versions of iccDEV prior to 2.3.1.2 contain a buffer error vulnerability: the icFixXml function has a stack-based buffer overflow when processing a malformed ICC profile, which could lead to arbitrary code execution.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

International Color Consortium

Published

2026-02-03

Last Modified

2026-02-24

References

  • https://github.com/InternationalColorConsortium/iccDEV/issues/537
  • https://github.com/InternationalColorConsortium/iccDEV/pull/545
  • https://github.com/InternationalColorConsortium/iccDEV/commit/be5d7ec5cc137c084c08006aee8cd3ed378c7ac2
  • https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2qq-jf7w-rm27
  • https://access.redhat.com/security/cve/cve-2026-25502

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases
