Chris Cox

29 exploits Active since Jan 2026
CVE-2026-25583 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.3 - Heap Buffer Overflow via Malformed ICC Profile File
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3.
CVSS 7.8
CVE-2026-25584 WRITEUP HIGH WRITEUP
iccDEV <2.3.1.3 - Memory Corruption
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when processing a malformed ICC profile. The vulnerability allows an out-of-bounds write on the stack, potentially leading to memory corruption, information disclosure, or code execution when processing specially crafted ICC files. This issue has been patched in version 2.3.1.3.
CVSS 7.8
CVE-2026-25585 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.3 - Out-of-bounds Read in IccCmm.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed ICC profile triggers improper array bounds validation in the color management module, resulting in an out-of-bounds read that can lead to memory disclosure or segmentation fault from accessing memory beyond the array boundary. This issue has been patched in version 2.3.1.3.
CVSS 7.8
CVE-2026-25634 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.4 - Stack Buffer Overflow in CIccTagMultiProcessElement::Apply()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.4.
CVSS 7.8