CVE-2026-34542 iccDEV: SBO in CIccCalculatorFunc::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

PT-2026-29390

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow SBO in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...

PT-2026-24360

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.5 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A stack buffer overflow write exists in the CIccXform3DLut::Apply function, potentially leading to stack memory...

CVE-2026-25634 iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

EUVD-2026-5578

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.4 contained security vulnerabilities. These vulnerabilities were caused by an overlap in the stack buffer of SrcPixel and DestPixel in the...

PT-2026-6793

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.4 Description iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A stack buffer overlap exists in the CIccTagMultiProcessElement::Apply...

PT-2026-6548

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.1.20 Description An unauthenticated local client could leverage the Gateway WebSocket API to modify configuration settings through the config.apply function. Specifically, the ability to set unsafe cliPath value...

PT-2025-16271 · Unknown · Jsonschema2Pojo

Name of the Vulnerable Software and Affected Versions: joelittlejohn jsonschema2pojo version 1.2.2 Description: A vulnerability has been found in the JSON File Handler component, affecting the apply function of the org/jsonschema2pojo/rules/SchemaRule.java file. This issue leads to a stack-based...

Code Injection

wix-embedded-mysql is vulnerable to Code Injection. The vulnerability exists because the apply function of Setup.java as does not properly check if the argument is a Mysql executable, allowing an attacker to inject and execute malicious code...

Changeset vulnerable to prototype pollution

Overview Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details The npm module 'changeset' can be abused by Prototype Pollution vulnerability since the function 'apply' does not che...

GHSA-2GQW-Q9R9-7F79 Changeset vulnerable to prototype pollution

Overview Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details The npm module 'changeset' can be abused by Prototype Pollution vulnerability since the function 'apply' does not che...

CVE-2010-4206

Removed by vendor...

CVE-2010-4206

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a craft...

CVE-2010-4206

CVE-2010-4206 is a WebKit/WebKitGTK+ vulnerability described across multiple advisories as an array index error in FEBlend::apply (WebCore/graphics/filters/FEBlend.cpp). This defect was present in WebKit builds used by Google Chrome prior to 7.0.517.44 and webkitgtk before 1.2.6, among other prod...

CVE-2010-4206

Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a craft...