CVE-2026-34548 iccDEV: UB at IccUtilXml.cpp
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number (unsigned...
CVE-2026-24411
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...
CVE-2026-24411 iccDEV has Undefined Behavior and Null Pointer Dereference in CIccTagXmlSegmentedCurve::ToXml()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...
PT-2026-4560
Name of the Vulnerable Software and Affected Versions: iccDEV versions 2.3.1.1 and below. Description: iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below contain Undefined Behavior in the...
CVE-2026-21690
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccTagXmlTagData::ToXml. This vulnerability affects users o...
CVE-2026-21692
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in ToXmlCurve at IccXML/IccLibXML/IccMpeXml.cpp. This...
CVE-2026-21692 iccDEV has Type Confusion in ToXmlCurve() at IccXML/IccLibXML/IccMpeXml.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in ToXmlCurve at IccXML/IccLibXML/IccMpeXml.cpp. This...
iccDEV security vulnerability
iccDEV is an open source color configuration code library from the International Color Consortium. A security vulnerability exists in iccDEV versions prior to 2.3.1.2, which stems from a type confusion in the CIccSegmentedCurveXml::ToXml function in the IccXML/IccLibXML/IccMpeXml.cpp file...
UBUNTU-CVE-2023-40074
In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
Apigee API Security policies howto
The Genesis of Apigee API Security Guidelines: In today's digital epoch, APIs (Application Programming Interfaces) have ascended to be the fundamental infrastructure underpinning software development - furnishing the medium for diverse software systems to interact and exchange data. Yet, with this...
The vulnerability of the Java-to-XML Apache XMLBeans tool, related to errors in processing XML entities, allows attackers to trigger a service failure or disclose protected information.
The vulnerability of the Java-to-XML Apache XMLBeans tool is related to errors in processing XML entities. Exploiting this vulnerability can allow an attacker to cause service failures or expose sensitive information...
pdftoxml heap buffer overflow vulnerability (CNVD-2021-89050)
pdftoxml is an open source PDF to XML converter. The TextPage::dump function in pdftoxml version 2.0 has a heap buffer overflow vulnerability. No detailed vulnerability information is provided...
Pdf2xml buffer error vulnerability
pdftoxml is an open source PDF to XML converter. The TextPage::dump function in pdftoxml version 2.0 has a heap buffer overflow vulnerability. No detailed vulnerability information is provided...
pdf2xml buffer error vulnerability
pdftoxml is an open source PDF to XML converter. pdftoxml version 2.0 has a stack buffer overflow vulnerability in the getObjectStream component. No detailed vulnerability details are available at this time...
Pdf2xml buffer error vulnerability
pdftoxml is an open source PDF to XML converter. The TextPage::addAttributsNode function in pdftoxml version 2.0 has a heap buffer overflow vulnerability. No detailed vulnerability details are currently available...
PDF2JSON resource management error vulnerability
PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages to JSON and XML formats on a page-by-page basis. PDF2JSON Gfx::doShowText has a security vulnerability. An attacker could exploit this vulnerability to cause a denial of service...
Design/Logic Flaw
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
The vulnerability of the XStream Java library for converting objects to XML or JSON format arises from the lack of measures taken to eliminate special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary code.
The vulnerability of XStream, the Java library for converting objects to XML or JSON format, exists due to the lack of measures taken to eliminate special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup: Decoder++ can be installed either by using pip or by pulling the source from this repository. Install using pip: pip3 install decoder-plus-plus. Overview: This section provides...