CNNVD-202601-973 Information

Jan 06, 2026 cve

CNNVD ID

CNNVD-202601-973

CVE-2026-21491

  • CNNVD Published: 2026-01-06

Description (Chinese)

iccDEV是International Color Consortium (ICC)开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在安全漏洞,该漏洞源于CIccTagTextDescription存在Unicode缓冲区溢出,可能导致缓冲区溢出攻击。

Description (English)

iccDEV is an open-source colour configuration code library for International Color Consortium (ICC). There was a security loophole in the previous version of iccDEV 2.3.1.2, which originated from the presence of the Unicode buffer zone, which could lead to an attack.

Hazard Level

High

Vulnerability Type

其他

Published

2026-01-06

Last Modified

2026-02-24

References

https://github.com/InternationalColorConsortium/iccDEV/commit/e91fe722ac54ce497d410153e7405090e0565d7b https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4pv4-4x2x-6j88 https://github.com/InternationalColorConsortium/iccDEV/issues/396 https://access.redhat.com/security/cve/cve-2026-21491

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases

Share on: