CNNVD-202602-534 Information
CNNVD ID
CNNVD-202602-534
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.3之前版本存在安全漏洞,该漏洞源于CIccTagFloatNum<>::GetValues函数存在栈缓冲区溢出,可能导致处理特制ICC文件时越界写入、内存损坏、信息泄露或代码执行。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.3 contains a security loophole, which originates from the CIccTagFloatNum <:::GetValues function, which may result in cross-border writing, memory damage, leaking of information or code enforcement when dealing with specially created ICC documents.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
International Color Consortium
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/c9cb108f58683bd87afca616dea3e4cdb884c23f https://github.com/InternationalColorConsortium/iccDEV/issues/551 https://github.com/InternationalColorConsortium/iccDEV/pull/565 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xjr3-v3vr-5794
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: