ChrisCoxArt

25 exploits Active since Aug 2022
CVE-2022-0496 WRITEUP MEDIUM WRITEUP
OpenSCAD < 2022-02-04 - Memory Corruption via DXF Import
A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().
CVSS 5.5
CVE-2026-21501 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Stack Overflow in Calculator Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21500 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Stack Overflow in XML Calculator Macro Expansion
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21504 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in ToneMap Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.
CVSS 6.6
CVE-2026-21486 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Heap-based Buffer Overflow in CIccSparseMatrix
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function. This issue is fixed in version 2.3.1.2.
CVSS 7.8
CVE-2026-21487 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Out-of-bounds Read in CIccProfile::LoadTag
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper Input Validation in its CIccProfile::LoadTag function. This issue is fixed in version 2.3.1.2.
CVSS 6.1
CVE-2026-21488 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagText::Read
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText::Read function. This issue is fixed in version 2.3.1.2.
CVSS 6.1
CVE-2026-21489 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Out-of-bounds Read and Integer Underflow in CIccCalculatorFunc::SequenceNeedTempReset
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabilities in its CIccCalculatorFunc::SequenceNeedTempReset function. This issue is fixed in version 2.3.1.2.
CVSS 6.1
CVE-2026-21495 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Denial of Service via TIFF Image Reader Division by Zero
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21496 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Denial of Service via Signature Parser NULL Pointer Dereference
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21497 WRITEUP MEDIUM WRITEUP
Color Iccdev < 2.3.1.2 - NULL Pointer Dereference
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21502 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Denial of Service via XML Tag Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21505 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Undefined Behavior via Invalid Enum Value
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21507 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.1 - Denial of Service via Infinite Loop in CalcProfileID
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.
CVSS 7.5
CVE-2026-21675 WRITEUP CRITICAL WRITEUP
iccdev < 2.3.1.1 - Use-After-Free in CIccXform::Create()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1.
CVSS 9.8
CVE-2026-21676 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.1 - Heap-based Buffer Overflow in CIccMBB::Validate
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1.
CVSS 8.8
CVE-2026-21677 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.1 - Undefined Behavior in CIccCLUT::Init Function
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.
CVSS 8.8
CVE-2026-24404 WRITEUP HIGH WRITEUP
iccDEV <2.3.1.1 - Null Pointer Dereference
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 7.1
CVE-2026-24405 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Heap-based Buffer Overflow in CIccMpeCalculator::Read()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 8.8
CVE-2026-24406 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagNamedColor2::SetSize()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 8.8
CVE-2026-24407 WRITEUP HIGH WRITEUP
iccDEV <2.3.1.1 - Memory Corruption
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 7.1
CVE-2026-24409 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Null Pointer Dereference in CIccTagXmlFloatNum ParseXml
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 7.1
CVE-2026-24410 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.2 - Null Pointer Dereference in CIccProfileXml::ParseBasic()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 7.1
CVE-2026-24411 WRITEUP HIGH WRITEUP
iccDEV <2.3.1.1 - Memory Corruption
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 7.1
CVE-2026-24412 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagXmlSegmentedCurve::ToXml()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
CVSS 8.8