Iccdev
Monthly
A buffer overflow in iccDEV versions before 2.3.1.2 affects users processing ICC color profiles through the library's CIccTagTextDescription component, allowing local attackers with user interaction to cause denial of service or potentially read sensitive memory. Public exploit code exists for this vulnerability. The issue has been patched in version 2.3.1.2.
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows local attackers with user interaction to cause denial of service or disclose sensitive information when processing malicious ICC color profiles through the CIccTagLut16::Validate() function. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.2 with no known workarounds.
Local attackers can exploit a type confusion vulnerability in iccDEV 2.3.1.1 and earlier during XML curve serialization to cause denial of service or achieve information disclosure. The flaw exists in the CIccSingleSampledeCurveXml class and affects systems using vulnerable versions of the ICC color management library. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2.
Out-of-bounds memory reads in iccDEV versions 2.3.1.1 and earlier allow local attackers to cause denial of service or leak sensitive information through integer underflow flaws in the CIccCalculatorFunc::SequenceNeedTempReset function. The vulnerability requires user interaction and affects systems processing ICC color profiles. A patch is available in version 2.3.1.2.
Heap-based buffer overflow in iccDEV 2.3.1.1 and earlier allows local attackers with user interaction to cause denial of service or information disclosure through malformed ICC color profile files processed by the CIccTagText::Read function. The vulnerability stems from improper bounds checking and null termination handling when parsing profile data. A patch is available in version 2.3.1.2.
iccDEV color management library versions 2.3.1 and earlier contain undefined behavior in the CLUT initialization function that can be exploited remotely without authentication to achieve code execution, information disclosure, or denial of service. Public exploit code exists for this vulnerability which affects all users of the vulnerable library versions. A patch is available in version 2.3.1.1 and should be applied immediately.
Heap buffer overflow in iccDEV versions 2.3.1 and earlier allows remote attackers to execute arbitrary code or crash the application through malformed ICC color profile data processed by the CIccMBB::Validate function. Public exploit code exists for this vulnerability, which affects all users handling untrusted color profiles. Upgrade to version 2.3.1.1 or later to remediate.
iccDEV versions 2.3.1.1 and below allow local attackers to cause a denial of service or leak sensitive memory through improper input validation in the CIccProfile::LoadTag function, which fails to properly validate ICC profile data before processing. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2.
iccDEV versions 2.3.1.1 and earlier are vulnerable to use-after-free, heap buffer overflow, and integer overflow flaws in the CIccSparseMatrix function, allowing local attackers with user interaction to achieve arbitrary code execution. The vulnerability affects all systems using vulnerable iccDEV libraries for ICC color profile processing and is resolved in version 2.3.1.2.
iccDEV ICC color profile libraries versions 2.3.1.1 and earlier suffer from undefined behavior and out-of-memory errors that can be exploited remotely without authentication to achieve code execution or denial of service. Public exploit code exists for this vulnerability, affecting users who have not upgraded to version 2.3.1.2 or later. An attacker can trigger memory corruption through specially crafted ICC profile inputs with user interaction.
iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint objects. Processing a malicious ICC profile can lead to code execution. PoC available, fixed in 2.3.1.1.
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). [CVSS 3.3 LOW]
Integer overflow in iccDEV's CIccXmlArrayType::ParseTextCountNum() function allows local attackers with user interaction to achieve arbitrary code execution through maliciously crafted ICC color profile files. The vulnerability affects iccDEV versions 2.3.1 and below, impacting users who process untrusted color profiles. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.1.
iccDEV ICC color profile processing library versions 2.3.1 and below contain an infinite loop in the CalcProfileID function that allows unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and affected systems should upgrade to version 2.3.1.1 or later to remediate the issue.
A buffer overflow in iccDEV versions before 2.3.1.2 affects users processing ICC color profiles through the library's CIccTagTextDescription component, allowing local attackers with user interaction to cause denial of service or potentially read sensitive memory. Public exploit code exists for this vulnerability. The issue has been patched in version 2.3.1.2.
Heap buffer overflow in iccDEV versions before 2.3.1.2 allows local attackers with user interaction to cause denial of service or disclose sensitive information when processing malicious ICC color profiles through the CIccTagLut16::Validate() function. Public exploit code exists for this vulnerability. A patch is available in version 2.3.1.2 with no known workarounds.
Local attackers can exploit a type confusion vulnerability in iccDEV 2.3.1.1 and earlier during XML curve serialization to cause denial of service or achieve information disclosure. The flaw exists in the CIccSingleSampledeCurveXml class and affects systems using vulnerable versions of the ICC color management library. Public exploit code exists for this vulnerability, though a patch is available in version 2.3.1.2.
Out-of-bounds memory reads in iccDEV versions 2.3.1.1 and earlier allow local attackers to cause denial of service or leak sensitive information through integer underflow flaws in the CIccCalculatorFunc::SequenceNeedTempReset function. The vulnerability requires user interaction and affects systems processing ICC color profiles. A patch is available in version 2.3.1.2.
Heap-based buffer overflow in iccDEV 2.3.1.1 and earlier allows local attackers with user interaction to cause denial of service or information disclosure through malformed ICC color profile files processed by the CIccTagText::Read function. The vulnerability stems from improper bounds checking and null termination handling when parsing profile data. A patch is available in version 2.3.1.2.
iccDEV color management library versions 2.3.1 and earlier contain undefined behavior in the CLUT initialization function that can be exploited remotely without authentication to achieve code execution, information disclosure, or denial of service. Public exploit code exists for this vulnerability which affects all users of the vulnerable library versions. A patch is available in version 2.3.1.1 and should be applied immediately.
Heap buffer overflow in iccDEV versions 2.3.1 and earlier allows remote attackers to execute arbitrary code or crash the application through malformed ICC color profile data processed by the CIccMBB::Validate function. Public exploit code exists for this vulnerability, which affects all users handling untrusted color profiles. Upgrade to version 2.3.1.1 or later to remediate.
iccDEV versions 2.3.1.1 and below allow local attackers to cause a denial of service or leak sensitive memory through improper input validation in the CIccProfile::LoadTag function, which fails to properly validate ICC profile data before processing. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.2.
iccDEV versions 2.3.1.1 and earlier are vulnerable to use-after-free, heap buffer overflow, and integer overflow flaws in the CIccSparseMatrix function, allowing local attackers with user interaction to achieve arbitrary code execution. The vulnerability affects all systems using vulnerable iccDEV libraries for ICC color profile processing and is resolved in version 2.3.1.2.
iccDEV ICC color profile libraries versions 2.3.1.1 and earlier suffer from undefined behavior and out-of-memory errors that can be exploited remotely without authentication to achieve code execution or denial of service. Public exploit code exists for this vulnerability, affecting users who have not upgraded to version 2.3.1.2 or later. An attacker can trigger memory corruption through specially crafted ICC profile inputs with user interaction.
iccDEV ICC color profile library (through 2.3.1) has a use-after-free in CIccXform::Create() when processing hint objects. Processing a malicious ICC profile can lead to code execution. PoC available, fixed in 2.3.1.1.
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). [CVSS 3.3 LOW]
Integer overflow in iccDEV's CIccXmlArrayType::ParseTextCountNum() function allows local attackers with user interaction to achieve arbitrary code execution through maliciously crafted ICC color profile files. The vulnerability affects iccDEV versions 2.3.1 and below, impacting users who process untrusted color profiles. Public exploit code exists for this vulnerability, and a patch is available in version 2.3.1.1.
iccDEV ICC color profile processing library versions 2.3.1 and below contain an infinite loop in the CalcProfileID function that allows unauthenticated remote attackers to cause denial of service. Public exploit code exists for this vulnerability, and affected systems should upgrade to version 2.3.1.1 or later to remediate the issue.