CNNVD-202601-4260 Information
CNNVD ID
CNNVD-202601-4260
Related CVE
- CNNVD Published: 2026-01-24
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.1及之前版本存在安全漏洞,该漏洞源于CIccTagXmlSegmentedCurve::ToXml函数存在未定义行为,可能导致拒绝服务、数据操纵、绕过应用逻辑和代码执行。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. iccDEV 2.3.1.1 and previous versions contain a security loophole that stems from the undefined behaviour of the CIccTagXmlSegmentedCurve:ToXml function, which may lead to denial of services, data manipulation, circumvention of applied logic and code execution.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
International Color Consortium
Published
2026-01-24
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/d6d6f51a999d4266ec09347cac7e0930d6e02eec https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x53f-7h27-9fc8 https://github.com/InternationalColorConsortium/iccDEV/issues/499 https://access.redhat.com/security/cve/cve-2026-24411
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: