CNNVD-202601-1040 Information

Jan 06, 2026 cve

CNNVD ID

CNNVD-202601-1040

CVE-2026-21488

CNNVD Published: 2026-01-06

Description (Chinese)

iccDEV是International Color Consortium (ICC)开源的一个颜色配置代码库。 iccDEV 2.3.1.1及之前版本存在安全漏洞，该漏洞源于CIccTagText::Read函数存在越界读取、基于堆的缓冲区溢出以及空终止不当。

Description (English)

iccDEV is an open-source colour configuration code library for International Color Consortium (ICC). There is a security loophole in iccDEV 2.3.1.1 and earlier versions, which stems from the CIccTagText: The Read function has cross-border reading, pile-based buffer zone spills and inappropriate empty terminations.

Hazard Level

High

Vulnerability Type

其他

Published

2026-01-06

Last Modified

2026-02-24

References

https://github.com/InternationalColorConsortium/iccDEV/commit/9daaccceb231c43db8cab312ee5bbe9d2aa6b153 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4j2g-rvv4-86vg https://access.redhat.com/security/cve/cve-2026-21488

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases

Share on: