CVE-2026-21687 iccDEV has Undefined Behavior in CIccTagCurve::CIccTagCurve()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagCurve::CIccTagCurve. This vulnerability affects users of the iccD...

CVE-2026-21680

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV libra...

PT-2026-2078

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 exhibit an Undefined Behavior runtime error when...

PT-2026-2089

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. A Type Confusion flaw exists in the ToXmlCurve function located at...

PT-2026-2088

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 contain a Type Confusion flaw in the...

CVE-2026-21492

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV libra...

CVE-2026-21492 iccDEV ToneMap Writer has NULL Pointer Member Call

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV libra...

EUVD-2026-1148

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum. This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in...

PT-2026-1503

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. A flaw exists in versions prior to 2.3.1.2 that can lead to a heap buffer...

Hugging Face Transformers 代码问题漏洞

Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A code issue vulnerability exists in Hugging Face Transformers that stems from improper data validation in profile processing, which could lead to untrusted data...

The vulnerability of the Radio Scheduling component in the microprogramming software of Tp-Link AC1350 allows a intruder to execute arbitrary code.

The vulnerability of the Radio Scheduling component in the microprogramming software of Tp-Link AC1350 wireless access points is related to buffer overflows in the stack when processing the profile parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using...

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the lack of measures taken to protect the structure of web pages during the processing of user profile pages. Exploiting this vulnerability allows a malicious actor to perform cross-sit...

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Stored cross-site scripting vulnerability in the App Settings /admin/app page and the Markdown Settings...

SUSE CVE-2016-7536

magick/profile.c in ImageMagick allows remote attackers to cause a denial of service segmentation fault via a crafted profile...

CVE-2022-26730

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2021-30917

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big...

Apple iOS Malicious Profile Memory Corruption Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A memory corruption vulnerability exists in the Apple iOS processing profile, which allows local attackers to exploit the vulnerability to construct malicious files that can be parsed by the user and can...