iccDEV
by International Color Consortium
Source repositories
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24403 | Hig | 0.46 | 7.1 | 0.00 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated… | ||
| CVE-2026-25585 | Hig | 0.00 | 7.8 | 0.00 | Feb 4, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed… | ||
| CVE-2026-25584 | Hig | 0.00 | 7.8 | 0.00 | Feb 4, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when… | ||
| CVE-2026-25583 | Hig | 0.00 | 7.8 | 0.00 | Feb 4, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files… | ||
| CVE-2026-25582 | Hig | 0.00 | 7.8 | 0.00 | Feb 4, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML… | ||
| CVE-2026-25503 | Hig | 0.00 | 7.1 | 0.00 | Feb 3, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid… | ||
| CVE-2026-24856 | Hig | 0.00 | 7.8 | 0.00 | Jan 28, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types… | ||
| CVE-2026-24412 | Hig | 0.00 | 8.8 | 0.01 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is… | ||
| CVE-2026-24411 | Hig | 0.00 | 7.1 | 0.00 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC… | ||
| CVE-2026-24410 | Hig | 0.00 | 7.1 | 0.00 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely… | ||
| CVE-2026-24409 | Hig | 0.00 | 7.1 | 0.00 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is… | ||
| CVE-2026-24407 | Hig | 0.00 | 7.1 | 0.00 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or… | ||
| CVE-2026-24406 | Hig | 0.00 | 8.8 | 0.01 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely… | ||
| CVE-2026-24405 | Hig | 0.00 | 8.8 | 0.01 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely… | ||
| CVE-2026-24404 | Hig | 0.00 | 7.1 | 0.00 | Jan 24, 2026 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable… | ||
| CVE-2026-22861 | Hig | 0.00 | 8.8 | 0.01 | Jan 13, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at… | ||
| CVE-2026-22255 | Hig | 0.00 | 8.8 | 0.00 | Jan 8, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at… | ||
| CVE-2026-22046 | Hig | 0.00 | 8.8 | 0.00 | Jan 7, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at… | ||
| CVE-2026-21693 | Hig | 0.00 | 8.8 | 0.00 | Jan 7, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at… | ||
| CVE-2026-21692 | Hig | 0.00 | 8.8 | 0.00 | Jan 7, 2026 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at… |
- risk 0.46cvss 7.1epss 0.00
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated…
- risk 0.00cvss 7.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed…
- risk 0.00cvss 7.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when…
- risk 0.00cvss 7.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files…
- risk 0.00cvss 7.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML…
- risk 0.00cvss 7.1epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid…
- risk 0.00cvss 7.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types…
- risk 0.00cvss 8.8epss 0.01
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is…
- risk 0.00cvss 7.1epss 0.00
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC…
- risk 0.00cvss 7.1epss 0.00
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely…
- risk 0.00cvss 7.1epss 0.00
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is…
- risk 0.00cvss 7.1epss 0.00
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or…
- risk 0.00cvss 8.8epss 0.01
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely…
- risk 0.00cvss 8.8epss 0.01
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely…
- risk 0.00cvss 7.1epss 0.00
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable…
- risk 0.00cvss 8.8epss 0.01
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at…
- risk 0.00cvss 8.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at…
- risk 0.00cvss 8.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at…
- risk 0.00cvss 8.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at…
- risk 0.00cvss 8.8epss 0.00
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at…
Page 1 of 4