PT-2026-2075 · Iccdev · Iccdev

Rootup

·

Publicado

2026-01-07

·

Atualizado

2026-01-09

·

CVE-2026-21678

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2
Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A heap-buffer-overflow issue exists in the IccTagXml() function in versions prior to 2.3.1.2.
Recommendations Update to version 2.3.1.2 or later.

Exploit

Correção

Memory Corruption

Heap Based Buffer Overflow

RCE

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-122CWE-20CWE-125

Identificadores relacionados

CVE-2026-21678
GHSA-9RP2-4C6G-HPPF

Produtos afetados

Iccdev