Chris Cox

29 exploits Active since Jan 2026
CVE-2026-21504 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in ToneMap Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.
CVSS 6.6
CVE-2026-21501 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Stack Overflow in Calculator Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21502 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Denial of Service via XML Tag Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21505 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Undefined Behavior via Invalid Enum Value
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-27691 WRITEUP MEDIUM WRITEUP
iccDEV <=2.3.1.4 - Memory Corruption
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.
CVSS 6.2
CVE-2026-27692 WRITEUP HIGH WRITEUP
iccDEV <=2.3.1.4 - Memory Corruption
iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.
CVSS 7.1
CVE-2026-21485 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Out-of-bounds Read
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.
CVSS 8.8
CVE-2026-21490 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagLut16::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut16::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 6.1
CVE-2026-21491 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagTextDescription
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 6.1
CVE-2026-21492 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - NULL Pointer Dereference
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 5.5
CVE-2026-21494 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagLut8::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 6.1
CVE-2026-21498 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Denial of Service via XML Calculator Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21500 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Stack Overflow in XML Calculator Macro Expansion
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21503 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Denial of Service via Null Pointer in CIccTagSparseMatrixArray
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.
CVSS 6.1
CVE-2026-21506 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Denial of Service via Null Pointer Dereference in CIccProfileXml::ParseBasic()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic(), leading to denial of service. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21673 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.1 - Integer Overflow in CIccXmlArrayType::ParseTextCountNum()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.
CVSS 7.8
CVE-2026-21674 WRITEUP LOW WRITEUP
iccdev < 2.3.1.1 - Memory Leak in XML MPE Parsing Path
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.
CVSS 3.3
CVE-2026-21678 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Heap-based Buffer Overflow in IccTagXml()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This issue has been patched in version 2.3.1.2.
CVSS 7.8
CVE-2026-21679 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.2 - Heap-Based Buffer Overflow in CIccLocalizedUnicode::GetText()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText(). This issue has been patched in version 2.3.1.2.
CVSS 8.8
CVE-2026-22861 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.2 - Heap-Based Buffer Overflow in SIccCalcOp::Describe()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp. This vulnerability affects users of the iccDEV library who process ICC color profiles. The vulnerability is fixed in 2.3.1.2.
CVSS 8.8
CVE-2026-24852 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Heap Buffer Over-Read via Non-Null-Terminated Buffer
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the strlen() function attempts to read a non-null-terminated buffer potentially leaking heap memory contents and causing application termination. This vulnerability affects users of the iccDEV library who process ICC color profiles. ICC Profile Injection vulnerabilities arise when user-controllable input is incorporated into ICC profile data or other structured binary blobs in an unsafe manner. Version 2.3.1.2 contains a fix for the issue. No known workarounds are available.
CVSS 6.1
CVE-2026-24856 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.2 - Memory Corruption via Floating-Point NaN to Unsigned Short Conversion
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile XML parsing potentially corrupting memory structures and enabling arbitrary code execution. This vulnerability affects users of the iccDEV library who process ICC color profiles. ICC Profile Injection vulnerabilities arise when user-controllable input is incorporated into ICC profile data or other structured binary blobs in an unsafe manner. Version 2.3.1.2 contains a fix for the issue. No known workarounds are available.
CVSS 7.8
CVE-2026-25502 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Stack-based Buffer Overflow in icFixXml() via Malformed NamedColor2 Tag
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profiles, allows potential arbitrary code execution through crafted NamedColor2 tags. This issue has been patched in version 2.3.1.2.
CVSS 7.8
CVE-2026-25503 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Denial of Service via Malformed ICC Profile
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causing denial of service. This issue has been patched in version 2.3.1.2.
CVSS 7.1
CVE-2026-25582 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.3 - Heap Buffer Overflow Read in CIccIO::WriteUInt16Float()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3.
CVSS 7.8