
18 matches found

OSV
added 2026/03/31 10:5 p.m. · 3 views

CVE-2026-34542 iccDEV: SBO in CIccCalculatorFunc::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

CVSS 6.2 · AI score 5.8 · EPSS 0.00156
Exploits 1 · References 5
Positive Technologies
added 2026/03/31 12:0 a.m. · 3 views

PT-2026-29390

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

CVSS 6.2 · AI score 5.8 · EPSS 0.00156
Exploits 1 · References 6
Positive Technologies
added 2026/03/10 12:0 a.m. · 2 views

PT-2026-24360

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.5. Description: iccDEV is a set of libraries and tools for working with ICC color management profiles. A stack buffer overflow write exists in the CIccXform3DLut::Apply function, potentially leading to stack memory...

CVSS 7.8 · AI score 6.1 · EPSS 0.00173
Exploits 0 · References 10
EUVD
added 2026/02/06 8:21 p.m. · 2 views

EUVD-2026-5578

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply in IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

CVSS 7.8 · AI score 5.3 · EPSS 0.00194
Exploits 1 · References 5
OSV
added 2026/02/06 8:21 p.m. · 4 views

CVE-2026-25634 iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply in IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

CVSS 7.8 · AI score 5.4 · EPSS 0.00194
Exploits 1 · References 7
CNNVD
added 2026/02/06 12:0 a.m. · 5 views

iccDEV Security Vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.4 contained security vulnerabilities. These vulnerabilities were caused by an overlap in the stack buffer of SrcPixel and DestPixel in the...

CVSS 7.8 · AI score 6 · EPSS 0.00194
Exploits 1 · References 6
Positive Technologies
added 2026/02/06 12:0 a.m. · 4 views

PT-2026-6793

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.4. Description: iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A stack buffer overlap exists in the CIccTagMultiProcessElement::Apply...

CVSS 7.8 · AI score 5.7 · EPSS 0.00194
Exploits 1 · References 10
Positive Technologies
added 2026/02/04 12:0 a.m. · 7 views

PT-2026-6548

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.20. Description: An unauthenticated local client could leverage the Gateway WebSocket API to modify configuration settings through the config.apply function. Specifically, the ability to set unsafe cliPath value...

CVSS 8.4 · AI score 5.5 · EPSS 0.00639
Exploits 0 · References 12
Positive Technologies
added 2025/04/14 12:0 a.m. · 2 views

PT-2025-16271 · Unknown · Jsonschema2Pojo

Name of the Vulnerable Software and Affected Versions: joelittlejohn jsonschema2pojo version 1.2.2. Description: A vulnerability has been found in the JSON File Handler component, affecting the apply function of the org/jsonschema2pojo/rules/SchemaRule.java file. This issue leads to a stack-based...

CVSS 5.3 · AI score 5.2 · EPSS 0.0017
Exploits 0 · References 12
BDU FSTEC
added 2025/03/24 12:0 a.m. · 2 views

Vulnerability of the bpf_core_apply() function (kernel/bpf/btf.c) of the Linux operating system’s BPF component, which allows a hacker to cause a service failure

The vulnerability of the bpf_core_apply() function (kernel/bpf/btf.c) of the Linux operating system’s BPF component is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.7 · EPSS 0.00207
Exploits 0 · References 15 · Affected Software 6
Veracode
added 2023/08/02 4:23 a.m. · 19 views

Code Injection

wix-embedded-mysql is vulnerable to Code Injection. The vulnerability exists because the apply function of Setup.java does not properly check if the argument is a MySQL executable, allowing an attacker to inject and execute malicious code...

CVSS 9.8 · AI score 7.1 · EPSS 0.0087
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/05/24 5:44 p.m. · 10 views

GHSA-2GQW-Q9R9-7F79 Changeset vulnerable to prototype pollution

Overview: Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details: The npm module 'changeset' can be abused by Prototype Pollution vulnerability since the function 'apply' does not che...

CVSS 9.8 · AI score 9.6 · EPSS 0.03507
Exploits 1 · References 4
GitHub Security Blog
added 2022/05/24 5:44 p.m. · 19 views

Changeset vulnerable to prototype pollution

Overview: Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details: The npm module 'changeset' can be abused by Prototype Pollution vulnerability since the function 'apply' does not che...

CVSS 9.8 · AI score 7.3 · EPSS 0.03507
Exploits 1 · References 4 · Affected Software 1
BDU FSTEC
added 2021/03/15 12:0 a.m. · 2 views

The vulnerability of the mpatch_apply function in the Mercurial version control software allows an attacker to compromise data integrity.

The vulnerability of the mpatch_apply function in the Mercurial version control tool is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

CVSS 7.5 · AI score 6.8 · EPSS 0.02337
Exploits 0 · References 6 · Affected Software 3
Cvelist
added 2010/11/05 10:0 p.m. · 21 views

CVE-2010-4206

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a craft...

AI score 9.1 · EPSS 0.02516
Exploits 1 · References 14
CVE
added 2010/11/05 10:0 p.m. · 78 views

CVE-2010-4206

CVE-2010-4206 is a WebKit/WebKitGTK+ vulnerability described across multiple advisories as an array index error in FEBlend::apply (WebCore/graphics/filters/FEBlend.cpp). This defect was present in WebKit builds used by Google Chrome prior to 7.0.517.44 and webkitgtk before 1.2.6, among other prod...

CVSS 8.8 · AI score 9 · EPSS 0.02516
Exploits 1 · References 14 · Affected Software 1
Debian CVE
added 2010/11/05 10:0 p.m. · 17 views

CVE-2010-4206

Removed by vendor...

CVSS 8.8 · AI score 8.7 · EPSS 0.02516
Exploits 1
UbuntuCve
added 2010/11/05 12:0 a.m. · 34 views

CVE-2010-4206

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a craft...

CVSS 8.8 · AI score 7.3 · EPSS 0.02516
Exploits 1 · References 2