Color Security Vulnerabilities (CVEs)

A heap buffer overflow vulnerability in iccDEV allows reading past allocated memory boundaries when parsing ICC profile XML text description tags. Thi...

This CVE describes a buffer overlap vulnerability in iccDEV's CIccTagMultiProcessElement::Apply() function where SrcPixel and DestPixel stack buffers ...

This vulnerability in iccDEV allows attackers to trigger an out-of-bounds read by providing a malformed ICC color profile. This can lead to memory dis...

A heap buffer overflow vulnerability in iccDEV's CIccIO::WriteUInt16Float() function allows attackers to cause denial of service or potentially execut...

A heap buffer overflow vulnerability exists in iccDEV's CIccFileIO::Read8() function when processing malformed ICC profile files. This allows attacker...

A stack-buffer-overflow vulnerability in iccDEV's CIccTagFloatNum::GetValues() function allows memory corruption when processing malformed ICC color p...

A memory corruption vulnerability in iccDEV library versions before 2.3.1.2 allows arbitrary code execution when processing malicious ICC color profil...

A heap buffer over-read vulnerability in iccDEV library versions before 2.3.1.2 allows attackers to potentially leak heap memory contents and cause ap...

CVE-2026-24410 is a vulnerability in iccDEV's ICC color management profile libraries where improper input validation in CIccProfileXml::ParseBasic() l...

CVE-2026-24411 is an undefined behavior vulnerability in iccDEV's CIccTagXmlSegmentedCurve::ToXml() function that allows attackers to perform denial o...

A heap buffer overflow vulnerability in iccDEV's CIccTagXmlSegmentedCurve::ToXml() function allows attackers to execute arbitrary code or cause denial...

This vulnerability in iccDEV allows attackers to exploit undefined behavior and null pointer dereferences when processing user-controlled ICC color pr...

CVE-2026-24406 is a heap buffer overflow vulnerability in iccDEV's CIccTagNamedColor2::SetSize() function that allows attackers to execute arbitrary c...

CVE-2026-24407 is an undefined behavior vulnerability in iccDEV's icSigCalcOp() function that allows attackers to manipulate ICC color profile data. S...

An integer overflow vulnerability in iccDEV's CIccProfile::CheckHeader() function allows attackers to trigger memory corruption or denial of service b...

A null pointer dereference vulnerability in iccDEV's CIccXmlArrayType() function allows attackers to cause denial of service, manipulate data, bypass ...

A heap buffer overflow vulnerability in iccDEV's CIccMpeCalculator::Read() function allows attackers to execute arbitrary code or cause denial of serv...

A heap-buffer-overflow vulnerability in iccDEV's CIccCLUT::Init() function allows attackers to execute arbitrary code or cause denial of service by pr...

A heap-buffer-overflow vulnerability in iccDEV's SIccCalcOp::Describe() function allows attackers to execute arbitrary code or cause denial of service...

A type confusion vulnerability in iccDEV's SIccCalcOp::ArgsPushed() function allows attackers to potentially execute arbitrary code or cause denial of...

A type confusion vulnerability in iccDEV's CIccProfileXml::ParseBasic() function allows attackers to potentially execute arbitrary code or cause denia...

CVE-2026-21690 is a type confusion vulnerability in iccDEV's CIccTagXmlTagData::ToXml() function that could allow memory corruption when processing ma...

A type confusion vulnerability in iccDEV's CIccTag::IsTypeCompressed() function allows attackers to potentially execute arbitrary code or cause denial...

A type confusion vulnerability in iccDEV's ToXmlCurve() function allows attackers to potentially execute arbitrary code or cause denial of service by ...

CVE-2026-21693 is a type confusion vulnerability in iccDEV's CIccSegmentedCurveXml::ToXml() function that could allow memory corruption when processin...

A heap-buffer-overflow vulnerability in iccDEV's CIccProfileXml::ParseBasic() function allows attackers to execute arbitrary code or cause denial of s...

A type confusion vulnerability in iccDEV's CIccEvalCompare::EvaluateProfile() function allows attackers to execute arbitrary code or cause denial of s...

This vulnerability involves undefined behavior in the CIccTagSpectralViewingConditions() function of the iccDEV library, which could lead to crashes, ...

This vulnerability involves undefined behavior in the CIccTagLut16::Read() function of the iccDEV library, which could lead to memory corruption when ...

This vulnerability involves undefined behavior in the CIccTagLutAtoB::Validate() function of the iccDEV library, which could lead to crashes, memory c...

CVE-2026-21687 is an undefined behavior vulnerability in the CIccTagCurve constructor of the iccDEV library that processes ICC color profiles. This co...

CVE-2026-21681 is an undefined behavior runtime error in iccDEV library versions before 2.3.1.2 that could lead to crashes or potentially arbitrary co...

CVE-2026-21682 is a heap buffer overflow vulnerability in iccDEV's CIccXmlArrayType::ParseText() function that allows attackers to execute arbitrary c...

CVE-2026-21678 is a heap-buffer-overflow vulnerability in the IccTagXml() function of iccDEV, a library for ICC color management profiles. It allows a...

CVE-2026-21679 is a heap buffer overflow vulnerability in iccDEV's CIccLocalizedUnicode::GetText() function that could allow attackers to execute arbi...

A NULL pointer dereference vulnerability in iccDEV library versions before 2.3.1.2 can cause application crashes or denial of service when processing ...

CVE-2026-21501 is a stack overflow vulnerability in iccDEV's calculator parser that could allow attackers to execute arbitrary code or cause denial of...

CVE-2026-21502 is a NULL pointer dereference vulnerability in iccDEV's XML tag parser that can cause application crashes or denial of service. This af...

This vulnerability in iccDEV allows attackers to trigger undefined behavior by exploiting a null pointer passed to memcpy() in CIccTagSparseMatrixArra...

CVE-2026-21504 is a heap buffer overflow vulnerability in the ToneMap parser of iccDEV color management libraries. This allows attackers to execute ar...

CVE-2026-21505 is an undefined behavior vulnerability in iccDEV color management libraries caused by an invalid enum value. This could potentially lea...

This CVE describes a null pointer dereference vulnerability in iccDEV's CIccProfileXml::ParseBasic() function that can cause denial of service. Attack...

A division by zero vulnerability exists in iccDEV's TIFF Image Reader component, which could cause application crashes or denial of service when proce...

CVE-2026-21496 is a NULL pointer dereference vulnerability in iccDEV's signature parser that can cause denial of service. This affects applications us...

A NULL pointer dereference vulnerability in iccDEV's unknown tag parser allows attackers to cause denial of service by crashing applications using the...

A NULL pointer dereference vulnerability exists in iccDEV's XML calculator parser before version 2.3.1.2. This vulnerability could cause application c...

CVE-2026-21499 is a NULL pointer dereference vulnerability in iccDEV's XML parser that can cause application crashes or denial of service. This affect...

CVE-2026-21500 is a stack overflow vulnerability in iccDEV's XML calculator macro expansion that could allow attackers to execute arbitrary code or ca...

CVE-2026-21492 is a NULL pointer dereference vulnerability in iccDEV library versions before 2.3.1.2 that could cause application crashes or denial of...

A heap buffer overflow vulnerability in iccDEV library's CIccTagLut8::Validate() function allows attackers to execute arbitrary code or cause denial o...