D Hoyt

12 exploits Active since Jan 2026
CVE-2026-21501 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Stack Overflow in Calculator Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21505 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Undefined Behavior via Invalid Enum Value
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21485 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Out-of-bounds Read
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.
CVSS 8.8
CVE-2026-21492 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - NULL Pointer Dereference
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 5.5
CVE-2026-21494 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagLut8::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 6.1
CVE-2026-21498 WRITEUP MEDIUM WRITEUP
iccdev < 2.3.1.2 - Denial of Service via XML Calculator Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21503 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Denial of Service via Null Pointer in CIccTagSparseMatrixArray
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.
CVSS 6.1
CVE-2026-21506 WRITEUP MEDIUM WRITEUP
iccDEV < 2.3.1.2 - Denial of Service via Null Pointer Dereference in CIccProfileXml::ParseBasic()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic(), leading to denial of service. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21673 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.1 - Integer Overflow in CIccXmlArrayType::ParseTextCountNum()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.
CVSS 7.8
CVE-2026-21674 WRITEUP LOW WRITEUP
iccdev < 2.3.1.1 - Memory Leak in XML MPE Parsing Path
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.
CVSS 3.3
CVE-2026-21678 WRITEUP HIGH WRITEUP
iccdev < 2.3.1.2 - Heap-based Buffer Overflow in IccTagXml()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This issue has been patched in version 2.3.1.2.
CVSS 7.8
CVE-2026-21679 WRITEUP HIGH WRITEUP
iccDEV < 2.3.1.2 - Heap-Based Buffer Overflow in CIccLocalizedUnicode::GetText()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText(). This issue has been patched in version 2.3.1.2.
CVSS 8.8