{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:29:27.746","vulnerabilities":[{"cve":{"id":"CVE-2026-25502","sourceIdentifier":"security-advisories@github.com","published":"2026-02-03T19:16:26.963","lastModified":"2026-02-10T16:18:43.340","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2."},{"lang":"es","value":"iccDEV proporciona un conjunto de librerías y herramientas que permiten la interacción, manipulación y aplicación de perfiles de gestión de color ICC. Antes de la versión 2.3.1.2, un desbordamiento de búfer basado en pila en la función icFixXml() al procesar perfiles ICC malformados, permite la posible ejecución de código arbitrario a través de etiquetas NamedColor2 manipuladas. Este problema ha sido parcheado en la versión 2.3.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.1.2","matchCriteriaId":"D34CF745-E75A-4F1C-AD7B-9AC1A2E9F680"}]}]}],"references":[{"url":"https://github.com/InternationalColorConsortium/iccDEV/commit/be5d7ec5cc137c084c08006aee8cd3ed378c7ac2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/537","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/pull/545","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2qq-jf7w-rm27","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/537","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}}]}