CNNVD-202601-1168 Information

CNNVD ID

CNNVD-202601-1168

Related CVE

CVE-2026-21679

• CNNVD Published: 2026-01-07

Description (Chinese)

iccDEV是International Color Consortium (ICC)开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在输入验证错误漏洞，该漏洞源于CIccLocalizedUnicode::GetText()中存在堆缓冲区溢出。

Description (English)

iccDEV is an open-source colour configuration code library for International Color Consortium (ICC). The previous version of iccDEV 2.3.1.2 had an input validation error loophole, which originated from the spilling of the buffer zone in ciccLocalizedUnicode:GetText().

Hazard Level

Medium

Vulnerability Type

输入验证错误

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/InternationalColorConsortium/iccDEV/commit/2eb25ab95f0db7664ec3850390b6f89e302e7039 https://github.com/InternationalColorConsortium/iccDEV/issues/328 https://github.com/InternationalColorConsortium/iccDEV/pull/329 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h4wg-473g-p5wc

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases