D Hoyt

10 exploits Active since Jan 2026
CVE-2026-21485 WRITEUP HIGH WRITEUP
iccDEV <2.3.1.2 - Buffer Overflow
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.
CVSS 8.8
CVE-2026-21492 WRITEUP MEDIUM WRITEUP
Color Iccdev < 2.3.1.2 - NULL Pointer Dereference
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 5.5
CVE-2026-21494 WRITEUP MEDIUM WRITEUP
Color Iccdev < 2.3.1.2 - Buffer Overflow
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
CVSS 6.1
CVE-2026-21498 WRITEUP MEDIUM WRITEUP
Color Iccdev < 2.3.1.2 - NULL Pointer Dereference
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21503 WRITEUP MEDIUM WRITEUP
Color Iccdev < 2.3.1.2 - NULL Pointer Dereference
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.
CVSS 6.1
CVE-2026-21506 WRITEUP MEDIUM WRITEUP
Color Iccdev < 2.3.1.2 - Improper Input Validation
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic(), leading to denial of service. This issue has been patched in version 2.3.1.2.
CVSS 5.5
CVE-2026-21673 WRITEUP HIGH WRITEUP
Color Iccdev < 2.3.1.1 - Integer Overflow
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.
CVSS 7.8
CVE-2026-21674 WRITEUP LOW WRITEUP
Color Iccdev < 2.3.1.1 - Memory Leak
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.
CVSS 3.3
CVE-2026-21678 WRITEUP HIGH WRITEUP
Color Iccdev < 2.3.1.2 - Out-of-Bounds Write
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This issue has been patched in version 2.3.1.2.
CVSS 7.8
CVE-2026-21679 WRITEUP HIGH WRITEUP
Color Iccdev < 2.3.1.2 - Out-of-Bounds Write
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText(). This issue has been patched in version 2.3.1.2.
CVSS 8.8