Ubuntu 25.10 / 26.04 LTS : Little CMS vulnerability (USN-8250-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8250-1 advisory. It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could possibly use this issue to cause Little CMS to...

USN-8250-1: Little CMS vulnerability

It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could possibly use this issue to cause Little CMS to crash, resulting in a denial of service...

PT-2026-39178

It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could possibly use this issue to cause Little CMS to crash, resulting in a denial of service...

USN-8209-1: Little CMS vulnerability

It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use this issue to cause Little CMS to crash, resulting in a denial of service, or possibly execute arbitrary code...

EUVD-2026-17707

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB via a null-pointer member call in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions reported by UBSan as...

CVE-2026-25584

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum::GetValues. This is triggered when processing a malformed ICC...

CVE-2026-25584

CVE-2026-25584 affects iccDEV prior to 2.3.1.3, where a stack-based buffer overflow occurs in the CIccTagFloatNum::GetValues()** when processing malformed ICC profiles. The issue allows an out-of-bounds write on the stack, potentially enabling memory corruption, information disclosure, or code ex...

EUVD-2026-5318

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum::GetValues. This is triggered when processing a malformed ICC...

EUVD-2026-5319

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8 when processing malformed ICC profile files via unchecked fread...

CVE-2026-25583 iccDEV vulnerable to Heap Buffer Overflow in CIccFileIO::Read8()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8 when processing malformed ICC profile files via unchecked fread...

CVE-2026-25583 iccDEV vulnerable to Heap Buffer Overflow in CIccFileIO::Read8()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8 when processing malformed ICC profile files via unchecked fread...

CVE-2026-25502

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml function when processing malformed ICC profiles, allows potential arbitrary code execution...

PT-2026-6328

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.3 Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A heap buffer overflow exists in the CIccFileIO::Read8 function when processing improperly formed ICC profi...

CVE-2026-25502

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml function when processing malformed ICC profiles, allows potential arbitrary code execution...

CVE-2026-25502

The CVE-2026-25502 issue affects iccDEV’s ICC color management libraries. A stack-based buffer overflow in the icFixXml() function occurs when processing malformed ICC profiles, enabling potential arbitrary code execution via crafted NamedColor2 tags. This vulnerability exists prior to version 2....

PT-2026-6297

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A type confusion issue existed in versions prior to 2.3.1.2, where malformed ICC profiles could trigger...