VYPR

iccDEV

by International Color Consortium

Source repositories

CVEs (62)

  • CVE-2026-24403HigJan 24, 2026
    risk 0.46cvss 7.1epss 0.00

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated…

  • CVE-2026-25585HigFeb 4, 2026
    risk 0.00cvss 7.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading through index during ICC profile processing. The malformed…

  • CVE-2026-25584HigFeb 4, 2026
    risk 0.00cvss 7.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is triggered when…

  • CVE-2026-25583HigFeb 4, 2026
    risk 0.00cvss 7.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files…

  • CVE-2026-25582HigFeb 4, 2026
    risk 0.00cvss 7.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML…

  • CVE-2026-25503HigFeb 3, 2026
    risk 0.00cvss 7.1epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid…

  • CVE-2026-24856HigJan 28, 2026
    risk 0.00cvss 7.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types…

  • CVE-2026-24412HigJan 24, 2026
    risk 0.00cvss 8.8epss 0.01

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is…

  • CVE-2026-24411HigJan 24, 2026
    risk 0.00cvss 7.1epss 0.00

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC…

  • CVE-2026-24410HigJan 24, 2026
    risk 0.00cvss 7.1epss 0.00

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely…

  • CVE-2026-24409HigJan 24, 2026
    risk 0.00cvss 7.1epss 0.00

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is…

  • CVE-2026-24407HigJan 24, 2026
    risk 0.00cvss 7.1epss 0.00

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or…

  • CVE-2026-24406HigJan 24, 2026
    risk 0.00cvss 8.8epss 0.01

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely…

  • CVE-2026-24405HigJan 24, 2026
    risk 0.00cvss 8.8epss 0.01

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely…

  • CVE-2026-24404HigJan 24, 2026
    risk 0.00cvss 7.1epss 0.00

    iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable…

  • CVE-2026-22861HigJan 13, 2026
    risk 0.00cvss 8.8epss 0.01

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at…

  • CVE-2026-22255HigJan 8, 2026
    risk 0.00cvss 8.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at…

  • CVE-2026-22046HigJan 7, 2026
    risk 0.00cvss 8.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at…

  • CVE-2026-21693HigJan 7, 2026
    risk 0.00cvss 8.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at…

  • CVE-2026-21692HigJan 7, 2026
    risk 0.00cvss 8.8epss 0.00

    iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at…

Page 1 of 4