CNNVD-202602-276 Information

Feb 03, 2026 cve

CNNVD ID

CNNVD-202602-276

CVE-2026-25503

  • CNNVD Published: 2026-02-03

Description (Chinese)

iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.2之前版本存在安全漏洞,该漏洞源于类型混淆导致加载无效icImageEncodingType值时触发未定义行为,可能导致拒绝服务。

Description (English)

iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.2 had a security loophole, which stemmed from the confusion of types that triggered undefined behaviour when the icImage EncodingType values were loaded and could lead to the denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

International Color Consortium

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/InternationalColorConsortium/iccDEV/issues/539 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pf84-4c7q-x764 https://github.com/InternationalColorConsortium/iccDEV/commit/353e6517a31cb6ac9fdd44ac0103bc2fadb25175 https://github.com/InternationalColorConsortium/iccDEV/pull/547 https://access.redhat.com/security/cve/cve-2026-25503

Patch

https://github.com/InternationalColorConsortium/iccDEV/releases

Share on: