CNNVD-202601-968 Information

Jan 06, 2026 cve

CNNVD ID

CNNVD-202601-968

CVE-2026-21494

  • CNNVD Published: 2026-01-06

Description (Chinese)

iccDEV是International Color Consortium (ICC)开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在安全漏洞,该漏洞源于CIccTagLut8::Validate函数存在堆缓冲区溢出,可能导致堆缓冲区溢出攻击。

Description (English)

iccDEV is an open-source colour configuration code library for International Color Consortium (ICC). There was a security loophole in the previous version of iccDEV 2.3.1.2, which originated in the CIccTagLut8::Validate function, where there was a flood of buffer zones that could lead to an attack.

Hazard Level

High

Vulnerability Type

其他

Published

2026-01-06

Last Modified

2026-02-24

References

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hjxv-xr7w-84fc https://github.com/InternationalColorConsortium/iccDEV/commit/e91fe722ac54ce497d410153e7405090e0565d7b https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3 https://github.com/InternationalColorConsortium/iccDEV/issues/398 https://access.redhat.com/security/cve/cve-2026-21494

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases

Share on: