CVE-2026-21677 iccDEV has Undefined Behavior in CIccCLUT::Init()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1...

CVE-2026-21677 iccDEV has Undefined Behavior in CIccCLUT::Init()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1...

iccDEV 安全漏洞

iccDEV is an open source color configuration codebase from the International Color Consortium ICC. A security vulnerability exists in iccDEV version 2.3.1.1 and earlier, which stems from undefined behavior and out-of-memory errors...

iccDEV 安全漏洞

iccDEV is an open source color configuration code library from the International Color Consortium ICC. A security vulnerability exists in iccDEV version 2.3.1 and earlier, which stems from an undefined behavior in the CIccCLUT::Init function, which could lead to an undefined behavior attack...

PT-2026-1407

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.1 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain Undefined Behavior in the CIccCLUT::Init function, which initializes and sets...

PT-2026-1405

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and earlier contain Undefined Behavior UB and Out of Memory errors. Undefined Behavior refers ...

RUSTSEC-2026-0001 Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM

The SharedPointer::alloc implementation for sync::Arc and rc::Rc in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM Out of Memory. This null pointer can flow through to SharedPointer::fromvalue, which calls Box::fromrawptr with the null...

PT-2026-21704

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 Description An undefined behavior issue exists within the DOM: Core &...

PT-2026-29136

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.24.2 Description FreeRDP is a free implementation of the Remote Desktop Protocol. The progressive decompress tile upgrade function detects a mismatch through progressive rfx quant cmp equal but only emits a warning,...

PT-2026-26290

Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description An issue exists in libarchive’s zisofs decompression logic. Improper validation of the pz log2 bs field read from ISO9660 Rock Ridge extensions can lead to undefined behavior. An attacker...

PT-2026-27416

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description An undefined behavior exists within the WebRTC: Signaling component. This issue impacts the...

PT-2026-27403

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description An undefined behavior exists within the WebRTC: Signaling component. This issue impacts the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992948)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992948 advisory. In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aqvec index out of range error The final update statement of the for loop...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992752 advisory. In the Linux kernel, the following vulnerability has been resolved: blkiocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993042)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993042 advisory. In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for mdiobusregister Shifting signed 32-bit value b...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from reuse after release and could lead to undefined behavior...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992177)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992177 advisory. In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992541)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992541 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit...

ruint affected by unsoundness of safe `reciprocal_mg10`

The function reciprocalmg10 is marked as safe but can trigger undefined behavior out-of-bounds access because it relies on debugassert! for safety checks instead of assert!. When compiled in release mode, the debugassert! is optimized out, potentially allowing invalid inputs to cause memory...

SUSE CVE-2022-50778

In the Linux kernel, the following vulnerability has been resolved: fortify: Fix compiletimestrlen under UBSANBOUNDSLOCAL With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's CTS android.hardware.input.cts.tests...