CNNVD-202601-4259 Information
CNNVD ID
CNNVD-202601-4259
Related CVE
- CNNVD Published: 2026-01-24
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.1及之前版本存在安全漏洞,该漏洞源于CIccTagXmlSegmentedCurve::ToXml函数存在堆缓冲区溢出,可能导致拒绝服务、数据操纵、绕过应用逻辑和代码执行。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. iccDEV 2.3.1.1 and previous versions have a security loophole, which originates from the CIccTagXmlSegmentedCurve:ToXml function, which has a flood of buffer zones, which may lead to denial of services, data manipulation, circumventing applied logic and code execution.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
International Color Consortium
Published
2026-01-24
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/issues/518 https://github.com/InternationalColorConsortium/iccDEV/commit/2be3b125933a57fe8b6624e9dfd69d8e5360bf70 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6rf4-63j2-cfrf https://access.redhat.com/security/cve/cve-2026-24412
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: