CNNVD-202602-930 Information
CNNVD ID
CNNVD-202602-930
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
iccDEV是International Color Consortium开源的一个颜色配置代码库。 iccDEV 2.3.1.4之前版本存在安全漏洞,该漏洞源于CIccTagMultiProcessElement::Apply函数中SrcPixel和DestPixel堆栈缓冲区重叠,可能导致内存损坏。
Description (English)
iccDEV is a colour configuration code library of the International Color Consortium open source. The previous version of iccDEV 2.3.1.4 had a security loophole, which originated from the overlap of the SrcPixel and DestPixel stack buffer zones in the CIccTagMultiProcessElement:: Apply function, which could lead to memory damage.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
International Color Consortium
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/InternationalColorConsortium/iccDEV/commit/9206e0b8684e4cf4186d9ae768f16760bc1af9ff https://github.com/InternationalColorConsortium/iccDEV/issues/577 https://github.com/InternationalColorConsortium/iccDEV/pull/579 https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.4 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-35rg-jcmp-583h https://access.redhat.com/security/cve/cve-2026-25634
Patch
https://github.com/InternationalColorConsortium/iccDEV/releases
Share on: