7.8
CVE-2026-21501
- EPSS 0.18%
- Veröffentlicht 07.01.2026 17:09:54
- Zuletzt bearbeitet 09.01.2026 21:33:44
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Stack Overflow in iccDEV Calculator Parser
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.078 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w
https://github.com/InternationalColorConsortium/iccDEV/issues/365
https://github.com/InternationalColorConsortium/iccDEV/pull/413
https://github.com/InternationalColorConsortium/iccDEV/commit/798be59011649a26a529600cc3cd56437634d3d0
https://github.com/InternationalColorConsortium/iccDEV/commit/f3056ed99935d479091470127ad16f8be1912bb7
https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccProfLib/IccMpeCalc.cpp#L4588