CNNVD-202601-4835 Information
CNNVD ID
CNNVD-202601-4835
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在安全漏洞,该漏洞源于strlen函数尝试读取非空终止缓冲区时存在堆缓冲区过度读取,可能导致堆内存内容泄露和应用程序终止。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.2 had a security loophole, which stemmed from the overreading of piles of buffer zones when the stlen function attempted to read the non-empty termination of the buffer zone, which could lead to leaking memory content and the termination of applications.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
International Color Consortium
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/3092499cd4d0775f4a716b999899f9c26f9bc614 https://github.com/InternationalColorConsortium/iccDEV/pull/540 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-q8g2-mp32-3j7f
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: