CNNVD-202601-4642 Information
CNNVD ID
CNNVD-202601-4642
Related CVE
-
CNNVD Published
2026-01-28
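Description (translated from Chinese)
iccDEV is an open-source color profile code library from the International Color Consortium. Versions of iccDEV before 2.3.1.2 contain a code issue vulnerability. It stems from undefined behavior when a floating-point NaN value is converted to an unsigned short integer type while parsing ICC profile XML, and may lead to memory structure corruption and arbitrary code execution.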
Description (English)
iccDEV is an open-source color profile code library from the International Color Consortium. Versions of iccDEV before 2.3.1.2 contain a code issue vulnerability: when ICC profile XML is parsed, converting a floating-point NaN value to an unsigned short integer type is undefined behavior, which may lead to memory structure corruption and arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
International Color Consortium
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/pull/541
https://github.com/InternationalColorConsortium/iccDEV/issues/532
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w585-cv3v-c396
https://github.com/InternationalColorConsortium/iccDEV/commit/5e53a5d25923b7794ba44e390e9b35d391f2b9c1
https://access.redhat.com/security/cve/cve-2026-24856
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases