
43 matches found

RedhatCVE
added 2026/01/09 9:10 a.m. | 1 views

CVE-2026-21503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

6.1 CVSS | 6.8 AI score | 0.00039 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:54 a.m. | 5 views

CVE-2021-41219

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case where one of these is 0, an empt...

7.8 CVSS | 6.8 AI score | 0.00019 EPSS
Exploits: 1 | References: 1

NVD
added 2026/01/07 6:15 p.m. | 3 views

CVE-2026-21503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

6.1 CVSS | 0.00039 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2026/01/07 5:10 p.m. | 2 views

CVE-2026-21503 iccDEV has Undefined Behavior - Null Pointer Passed to memcpy() in CIccTagSparseMatrixArray

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

6.1 CVSS | 6.4 AI score | 0.00039 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/01/07 5:10 p.m. | 1 views

EUVD-2026-1386

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

6.1 CVSS | 6.3 AI score | 0.00039 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/01/07 5:10 p.m. | 18 views

CVE-2026-21503 iccDEV has Undefined Behavior - Null Pointer Passed to memcpy() in CIccTagSparseMatrixArray

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

6.1 CVSS | 0.00039 EPSS
Exploits: 1 | References: 4

CVE
added 2026/01/07 5:10 p.m. | 7 views

CVE-2026-21503

iccDEV is affected by undefined behavior prior to version 2.3.1.2 due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. The issue has been patched in version 2.3.1.2. Affected scope: iccDEV library/tooling for ICC color management profiles. Impact is defined as undefined behavior ...

6.1 CVSS | 6.4 AI score | 0.00039 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/01/07 5:10 p.m. | 1 views

CVE-2026-21503 iccDEV has Undefined Behavior - Null Pointer Passed to memcpy() in CIccTagSparseMatrixArray

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy in CIccTagSparseMatrixArray. This issue has been patched in...

6.1 CVSS | 6.6 AI score | 0.00039 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/07 12:0 a.m. | 1 views

PT-2026-2069

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. Versions prior to 2.3.1.2 exhibit undefined behavior due to a null pointer...

6.1 CVSS | 6.6 AI score | 0.00039 EPSS
Exploits: 1 | References: 8

Vulnrichment
added 2026/01/06 3:36 a.m. | 1 views

CVE-2026-21486 Use After Free and Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write in iccDEV

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function...

7.8 CVSS | 6.6 AI score | 0.00025 EPSS
Exploits: 0 | References: 2

OSV
added 2026/01/06 3:36 a.m. | 1 views

CVE-2026-21486 Use After Free and Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write in iccDEV

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function...

7.8 CVSS | 6.7 AI score | 0.00025 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/01/06 12:0 a.m. | 2 views

iccDEV Buffer Error Vulnerability

iccDEV is a color configuration codebase open-sourced by the International Color Consortium (ICC). A buffer error vulnerability exists in iccDEV version 2.3.1.1 and earlier, which stems from a use after free, heap-based buffer overflow, and integer overflow or wrap-around error and out-of-bound...

7.8 CVSS | 7.3 AI score | 0.00025 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2025/10/21 12:0 p.m. | 6 views

mirror_sparse_matrix (>=0.1.1 <=0.1.17) potentially affected by unknown CVE via binary_vec_io (=0.1.12)

binary_vec_io CARGO version =0.1.12 is affected by a known vulnerability. The following packages have a transitive dependency on binary_vec_io and may be impacted: mirror_sparse_matrix >=0.1.1, <=0.1.17. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2025-0109...

5.8 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-0441

Malware in sbrugna...

7.8 CVSS | 7.4 AI score | 0.00019 EPSS
Exploits: 1 | References: 9

Snyk
added 2025/06/19 4:19 p.m. | 1 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the read method of the SparseMatrix class. An attacker can execute arbitrary code or escalate privileges by providing a crafted serialized object to be deserialized. Note: This is only exploitable i...

9.8 CVSS | 8 AI score | 0.00528 EPSS
Exploits: 0 | References: 2

OSV
added 2024/03/06 11:16 a.m. | 15 views

BIT-TENSORFLOW-2021-41219 Undefined behavior via `nullptr` reference binding in sparse matrix multiplication

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case where one of these is 0, an empt...

7.8 CVSS | 7.5 AI score | 0.00019 EPSS
Exploits: 1 | References: 3

Veracode
added 2022/11/22 11:41 a.m. | 25 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions by providing a `sparse_matrix` input that is not a matrix with a shape of rank 0, triggering a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`...

7.5 CVSS | 7.1 AI score | 0.0035 EPSS
Exploits: 1 | References: 9 | Affected Software: 3

OSV
added 2022/11/21 10:3 p.m. | 0 views

GHSA-G9FM-R5MM-RF9F `CHECK_EQ` fail via input in `SparseMatrixNNZ`

Impact: An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. python: import tensorflow as tf; tf.raw_ops.SparseMatrixNNZ(sparse_matrix= Patches: We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The...

4.8 CVSS | 5.8 AI score | 0.0035 EPSS
Exploits: 1 | References: 5

Snyk
added 2022/11/20 9:8 a.m. | 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when the input `sparse_matrix` is not a matrix with a shape with rank 0. As a result, a `CHECK` fail will be triggered in `tf.raw_ops.SparseMatrixNNZ`. Details: Denial of Service (DoS) describes a family of attacks, all aimed...

7.5 CVSS | 7 AI score | 0.0035 EPSS
Exploits: 1 | References: 2

OSV
added 2022/11/18 10:15 p.m. | 1 views

AZL-11540 CVE-2022-41901 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in...

7.5 CVSS | 7.2 AI score | 0.0035 EPSS
Exploits: 1 | References: 1