CNNVD-202601-1137 Information

CNNVD ID

CNNVD-202601-1137

Related CVE

CVE-2026-21683

• CNNVD Published: 2026-01-07

Description (Chinese)

iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在输入验证错误漏洞，该漏洞源于icStatusCMM::CIccEvalCompare::EvaluateProfile函数存在类型混淆。

Description (English)

iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.2 had an input authentication error loophole, which originated from the type of confusion in the icstatusCMM:ciccEvalCompare:EvaluateProfile function.

Hazard Level

Medium

Vulnerability Type

输入验证错误

Affected Vendor

International Color Consortium

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/InternationalColorConsortium/iccDEV/issues/183 https://github.com/InternationalColorConsortium/iccDEV/pull/228 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-f2wp-j3fr-938w

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases