12 matches found
CVE-2026-24856 iccDEV has UB runtime error in <icTagTypeSignature>
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...
Medium: exiv2
Issue Overview: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted...
PT-2025-35224
Name of the Vulnerable Software and Affected Versions Exiv2 versions prior to 0.28.6 Description Exiv2 is a C++ library and a command-line utility used to read, write, delete, and modify image metadata Exif, IPTC, XMP, and ICC. A denial-of-service issue was identified in the ICC profile parsing...
Apple macOS vImage ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Debian Security Advisory DSA 2595-1 (ghostscript - integer overflow)
Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb25951.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2595-1 using nvtgen 1.0 Script version: 1.0...
Debian: Security Advisory (DSA-2595-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-2595-1 ghostscript - buffer overflow
Bulletin has no description...
Foxit Products ICC Parsing Integer Overflow Vulnerability
The host is installed with Foxit Products and is prone to integer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbfoxitprdtsintoverflowvuln.nasl 3117 2016-04-19 10:19:37Z benallard $ Foxit Products ICC Parsing Integer Overflow Vulnerability Authors: Madhuri D Copyright: Copyright c 2011...
Foxit Reader ICC解析远程整数溢出漏洞
BUGTRAQ ID: 46565 CVE ID: CVE-2011-0332 Foxit Reader是一款小型的PDF文档查看器和打印程序。 Foxit Reader在实现上存在ICC解析远程整数溢出漏洞,攻击者可利用此漏洞在受影响应用程序中执行任意代码,造成拒绝服务。 此漏洞源于在解析某些ICC块时的整数溢出错误,可通过特制的文件造成堆缓冲区溢出。 Foxit Foxit Reader 4.3.1.0118 厂商补丁: Foxit ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
ZDI-11-073: Adobe Reader ICC Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-073 February 8, 2011 -- CVE ID: CVE-2011-0598 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability Details:...
ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability
ZDI-10-191: Adobe Reader ICC Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-191 October 6, 2010 -- CVE ID: CVE-2010-3621 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability Details:...
Adobe Reader ICC Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing IC...