CNNVD-202601-1968 Information
CNNVD ID
CNNVD-202601-1968
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在安全漏洞,该漏洞源于SIccCalcOp::Describe()函数存在基于堆的缓冲区溢出。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.2 had a security loophole, which originated from the SIccCalcop::Describe() function, which had a pile-based buffer zone spill.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
International Color Consortium
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/fa9a364c01fc2e59eb2291e1f9b1c1359b7d5329 https://github.com/InternationalColorConsortium/iccDEV/pull/475 https://github.com/InternationalColorConsortium/iccDEV/pull/476 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-vr49-3vf8-7j5h https://access.redhat.com/security/cve/cve-2026-22861
Patch
https://www.color.org/index.xalter
Share on: