CVE-2024-38427

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions International Color Consortium DemoIccMAX versions prior to 85ce74e

Description A logic flaw exists in the CIccTagXmlProfileSequenceId::ParseXml function within IccTagXml.cpp, causing it to unconditionally return false. This issue is related to the IccXML/IccLibXML component.

Recommendations For International Color Consortium DemoIccMAX versions prior to 85ce74e, update to a version after 85ce74e to resolve the issue. As a temporary workaround, consider restricting the use of the CIccTagXmlProfileSequenceId::ParseXml function until a patch is available.

Fix

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

CVE-2024-38427

Affected Products

Demoiccmax

CVE-2024-38427

Weakness Enumeration

Related Identifiers

Affected Products

References · 5