CNNVD-202601-1173 Information
CNNVD ID
CNNVD-202601-1173
Related CVE
- CNNVD Published: 2026-01-07
Description (Chinese)
iccDEV是International Color Consortium (ICC)开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在安全漏洞,该漏洞源于CIccTagSparseMatrixArray中将空指针传递给memcpy()导致未定义行为。
Description (English)
iccDEV is an open-source colour configuration code library for International Color Consortium (ICC). The previous version of iccDEV 2.3.1.2 had a security loophole, which originated from the passing of the blank pointer to memcpy () by the CIAccTagSparseMatrix Array.
Hazard Level
High
Vulnerability Type
其他
Published
2026-01-07
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/55259a6395c4f6124b5d0e38469c77412926bd3d https://github.com/InternationalColorConsortium/iccDEV/issues/367 https://github.com/InternationalColorConsortium/iccDEV/pull/417 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h554-qrfh-53gx
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: