CVE-2026-24405

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...

CVE-2026-24411

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

CVE-2026-24411

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

CVE-2026-24411 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlSegmentedCurve::ToXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

CVE-2026-24409 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum::ParseXml. This occurs when user-controllable input is unsafely incorporated into...

CVE-2026-24407

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary...

CVE-2026-24406

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize. This occurs when user-controllable input is unsafely incorporated into ICC profi...

CVE-2026-24406

The CVE-2026-24406 entry concerns iccDEV, which provides ICC color management profile tooling. A Heap Buffer Overflow exists in CIccTagNamedColor2::SetSize() for versions 2.3.1.1 and earlier, triggered when user-controlled input is unsafely incorporated into ICC profile data or other binary blobs...

CVE-2026-24405 iccDEV has Heap Buffer Overflow in CIccMpeCalculator::Read()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...

CVE-2026-24405 iccDEV has Heap Buffer Overflow in CIccMpeCalculator::Read()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...

CVE-2026-24404

CVE-2026-24404 affects iccDEV: CIccXmlArrayType() vulnerability in versions 2.3.1.1 and earlier, caused by unsafe handling of user-controlled input in ICC profile data/structured binary blobs. The issue yields a Null Pointer Dereference and Undefined Behavior, with potential consequences includin...

CVE-2026-24404 iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely...

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the CIccMpeCalculator::Read function, which could lead to...

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the CIccTagNamedColor2::SetSize function, which could lea...

CVE-2026-21487

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper Input Validation in its CIccProfile::LoadTag function. This issue is fixed in version 2.3.1.2...

CVE-2026-21677

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1...

CVE-2026-21485

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior UB and Out of Memory errors. This issue is fixed in version 2.3.1.2...

CVE-2026-21493

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2...

CVE-2026-21489 iccDEV has Out-of-bounds Read and Integer Underflow (Wrap or Wraparound)

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow Wrap or Wraparound vulnerabilities in its CIccCalculatorFunc::SequenceNeedTempReset function. This issue is fixed in version 2.3.1....

EUVD-2026-1158

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow Wrap or Wraparound vulnerabilities in its CIccCalculatorFunc::SequenceNeedTempReset function. This issue is fixed in version 2.3.1....