CVE-2026-24403 iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

CVE-2026-24403 iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

PT-2026-4545

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow exists in the CheckHeader...

ALC WebCTRL XML External Entity Injection Vulnerability

ALC WebCTRL is a building automation control system from Automated Logic Corporation ALC. An XML external entity injection vulnerability exists in ALC WebCTRL. The vulnerability can be exploited to disclose the contents of a file on the underlying web server operating system via the 'X-Wap-Profil...