CNNVD-202602-535 Information
CNNVD ID
CNNVD-202602-535
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.3之前版本存在缓冲区错误漏洞,该漏洞源于CIccFileIO::Read8函数存在堆缓冲区溢出,可能导致处理畸形ICC配置文件时内存损坏。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.3 had an error loophole in the buffer zone, which originated in the CIccFileIO::Read8 function, which had spills over the buffer zone, which could lead to damage to memory during the processing of the abnormal ICC configuration file.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
International Color Consortium
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/8a6df2d8dac1e971a18be66fa36e3a0d6584f919 https://github.com/InternationalColorConsortium/iccDEV/issues/558 https://github.com/InternationalColorConsortium/iccDEV/pull/562 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5ffg-r52h-fgw3
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: