22 matches found
CVE-2026-24405 iccDEV has Heap Buffer Overflow in CIccMpeCalculator::Read()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...
CVE-2026-24405
The CVE-2026-24405 entry concerns iccDEV libraries. Affected software: iccDEV versions 2.3.1.1 and earlier. Vulnerability: Heap Buffer Overflow in CIccMpeCalculator::Read(), triggered when user-controlled input is unsafely incorporated into ICC profile data or other structured binary blobs. Poten...
PT-2026-4547
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...
CVE-2025-69229 AIOHTTP vulnerable to DoS through chunked messages
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
GHSA-F5CX-H789-J959 PowSyBl Core allows deserialization of untrusted SparseMatrix data
Impact: This is a disclosure for a security vulnerability in the SparseMatrix class. The vulnerability is a deserialization issue that can lead to a wide range of privilege escalations depending on the circumstances. The problematic area is the re...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the read method of the SparseMatrix class. An attacker can execute arbitrary code or escalate privileges by providing a crafted serialized object to be deserialized. Note: This is only exploitable i...
Use of Uninitialized Resource in binjs_io.
An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations...
GHSA-CW4J-CF6C-MMFV Use of Uninitialized Resource in binjs_io.
An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations...
CVE-2021-45683
An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations...
Memory corruption
An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations...
CVE-2021-45683
The CVE-2021-45683 issue affects the Rust crate binjs_io (pre-2021-01-03). The Read method may read from uninitialized memory locations, causing memory exposure and potential undefined behavior. Public advisories (e.g., RUSTSEC-2021-0085, GHSA-CW4J-CF6C-MMFV, GHSA-C6PX-4GRW-HRJR, OSV entries) des...
UniValue Denial of Service Vulnerability
UniValue is a generic value class that supports JSON encoding and decoding. A security vulnerability exists in UniValue::read in versions prior to UniValue 1.0.5. An attacker can exploit this vulnerability to cause a denial of service with input data...
Apache denial of service vulnerability
Apache Commons Compress is a library from the American Apache Software Foundation for processing compressed files. A denial of service vulnerability exists in Apache Commons Compress versions 1.7 through 1.17, which stems from a failure of the read method of ZipArchiveInputStream to return the...
Oracle Document Capture Insecure READ Method
No description provided by source. Source: http://packetstormsecurity.org/files/view/97872/DSECRG-11-007.txt Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL:...
Design/Logic Flaw
An unspecified buffer-read method in IBM Sterling Control Center SCC 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters...
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center SCC 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters...
CVE-2013-2968
IBM Sterling Control Center (SCC) is affected by CVE-2013-2968 due to a buffer-read flaw in a component used when reading large files without end-of-line characters. Affected SCC versions are 5.2 (up to 5.2.0.8), 5.3 (up to 5.3.0.3), and 5.4 (up to 5.4.0.1). The issue can allow remote authenticat...
Oracle - Document Capture Insecure READ Method
Source: http://packetstormsecurity.org/files/view/97872/DSECRG-11-007.txt Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL:...
[DSECRG-11-007] Oracle Document Capture ImportBodyText - read files
Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL: http://www.oracle.com/technology/software/products/content-management/indexdc.html Bugs: Insecure READ method Exploits: YES Reported...