CNNVD-202601-4261 Information
CNNVD ID
CNNVD-202601-4261
Related CVE
- CNNVD Published: 2026-01-24
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.1及之前版本存在安全漏洞,该漏洞源于CIccProfileXml::ParseBasic函数存在未定义行为和空指针取消引用,可能导致拒绝服务、数据操纵、绕过应用逻辑和代码执行。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. iccDEV 2.3.1.1 and previous versions contain a security loophole which stems from the existence of undefined behaviour and empty pointer cancellation references in the CIccProfileXml::: ParseBasic function, which may lead to denial of service, data manipulation, circumvention of applied logic and code execution.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
International Color Consortium
Published
2026-01-24
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/3cf522b13832692b107322cd51c4ae5c3a21f366 https://github.com/InternationalColorConsortium/iccDEV/issues/507 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-398q-4rpv-3v9r https://access.redhat.com/security/cve/cve-2026-24410
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: