CNNVD-202601-4263 Information

Jan 24, 2026 cve

CNNVD ID

CNNVD-202601-4263

CVE-2026-24409

CNNVD Published: 2026-01-24

Description (Chinese)

iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.1及之前版本存在安全漏洞，该漏洞源于CIccTagXmlFloatNum<>::ParseXml存在未定义行为和空指针取消引用，可能导致拒绝服务、数据操纵或代码执行。

Description (English)

iccDEV is a colour configuration code library of the International Color Consortium open source. iccDEV 2.3.1.1 and previous versions have a security loophole, which stems from the existence of undefined behaviour and the cancellation of references by the ParseXml, which may lead to the denial of services, data manipulation or code enforcement.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

International Color Consortium

Published

2026-01-24

Last Modified

2026-02-24

References

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-398v-jvcg-p8f3 https://github.com/InternationalColorConsortium/iccDEV/commit/9f134c44895edd2edca4bcb97e15c0ba9aa77382 https://github.com/InternationalColorConsortium/iccDEV/issues/484 https://access.redhat.com/security/cve/cve-2026-24409

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases

Share on: