Monthly
Local attackers can exploit a type confusion vulnerability in iccDEV 2.3.1.1 and earlier during XML curve serialization to cause denial of service or achieve information disclosure. The flaw exists in the CIccSingleSampledeCurveXml class and affects systems using vulnerable versions of the ICC color management library. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2.
Local attackers can exploit a type confusion vulnerability in iccDEV 2.3.1.1 and earlier during XML curve serialization to cause denial of service or achieve information disclosure. The flaw exists in the CIccSingleSampledeCurveXml class and affects systems using vulnerable versions of the ICC color management library. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2.