CNNVD-202602-761 Information
CNNVD ID
CNNVD-202602-761
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.3之前版本存在缓冲区错误漏洞,该漏洞源于处理ICC配置文件时数组边界验证不当,可能导致越界读取,造成内存泄露或分段错误。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.3 contains a buffer zone error loophole, which stems from the improper verification of the array of boundaries during the processing of the ICC configuration document, which may lead to cross-border access, resulting in memory leakage or segment error.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
International Color Consortium
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/ba81cd94b9c82b1d3905d45427badbd9d8adfa15 https://github.com/InternationalColorConsortium/iccDEV/issues/552 https://github.com/InternationalColorConsortium/iccDEV/pull/563 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pmqx-q624-jg6w
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: