CNNVD-202601-1166 Information
CNNVD ID
CNNVD-202601-1166
Related CVE
- CNNVD Published: 2026-01-07
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在缓冲区错误漏洞,该漏洞源于IccTagXml()中存在堆缓冲区溢出。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.2 contained an error loophole in the buffer zone, which originated from the spilling of the buffer zone in IccTagXml.
Hazard Level
Medium
Vulnerability Type
缓冲区错误
Affected Vendor
International Color Consortium
Published
2026-01-07
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/c6c0f1cf45b48db94266132ccda5280a1a33569d https://github.com/InternationalColorConsortium/iccDEV/issues/55 https://github.com/InternationalColorConsortium/iccDEV/pull/219 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9rp2-4c6g-hppf
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: