Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015472)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015472 advisory. In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. Tenable has extracted the preceding description block directl...

CVE-2026-41503 BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending an RP...

CVE-2026-41503 BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending an RP...

CVE-2026-41503

Technical details about CVE-2026-41503 are not publicly available in the provided documents. Monitor for updates from official advisories.

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

CVE-2026-41475

Summary: CVE-2026-41475 affects the BACnet Stack library. Prior to version 1.4.3, the WritePropertyMultiple service decoder is vulnerable to an out-of-bounds read caused by wpm_decode_object_property() invoking the deprecated decode_tag_number_and_value() function, which performs no bounds checki...

CVE-2026-31792 iccDEV has a null pointer dereference in CIccTagXmlStruct::ParseTag()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31792

CVE-2026-31792 affects iccDEV libraries for ICC color management profiles. A null pointer dereference in CIccTagXmlStruct::ParseTag() can lead to a segmentation fault or denial of service. The issue exists prior to version 2.3.1.5 and is fixed in 2.3.1.5. CVSS 3.1 base metrics indicate high impac...

iccDEV security vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from undefined behavior and null pointer dereferencing in the CIccTagXmlFloatNum::ParseX...

CVE-2026-21497

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21502

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21502

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21497

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2...

EUVD-2026-1405

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21502

CVE-2026-21502 affects iccDEV: prior to version 2.3.1.2, the XML tag parser can dereference a NULL pointer. This vulnerability is patched in 2.3.1.2. Red Hat and other sources confirm the issue and remediation is to upgrade to 2.3.1.2 or later. Impact details specify a NULL pointer dereference in...

CVE-2026-21497 NULL Pointer Dereference in iccDEV Unknown Tag Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21497 NULL Pointer Dereference in iccDEV Unknown Tag Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21497

CVE-2026-21497 affects iccDEV before version 2.3.1.2, where a NULL pointer dereference can occur via an unknown tag parser. Red Hat and other sources confirm the issue and state it has been patched in iccDEV 2.3.1.2. The vulnerability is described across multiple feeds (NVD, Red Hat, CVE records,...

CVE-2026-21497 NULL Pointer Dereference in iccDEV Unknown Tag Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2...

PT-2026-2068

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A NULL pointer dereference issue exists in the XML tag parser in versions...