Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.
Problem types
CWE-20: Improper Input Validation
CWE-252: Unchecked Return Value
CWE-476: NULL Pointer Dereference
CWE-690: Unchecked Return Value to NULL Pointer Dereference
Product status
References
github.com/...iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw
github.com/InternationalColorConsortium/iccDEV/issues/381
github.com/InternationalColorConsortium/iccDEV/pull/405
github.com/...ommit/0e51ceb427925b7e22f0465547df7506d35cda1c
github.com/...ommit/b5ad23aceece3789bdf1c47bae1ecf9d7bfcd26d