Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24411 | 1 Color | 1 Iccdev | 2026-01-30 | N/A | 7.1 HIGH |
| iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2. | |||||
| CVE-2026-24410 | 1 Color | 1 Iccdev | 2026-01-30 | N/A | 7.1 HIGH |
| iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2. | |||||
| CVE-2026-24409 | 1 Color | 1 Iccdev | 2026-01-30 | N/A | 7.1 HIGH |
| iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2. | |||||
| CVE-2026-24404 | 1 Color | 1 Iccdev | 2026-01-30 | N/A | 7.1 HIGH |
| iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2. | |||||
| CVE-2026-21689 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 6.5 MEDIUM |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfileXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | |||||
| CVE-2026-21499 | 1 Color | 1 Iccdev | 2026-01-09 | N/A | 5.5 MEDIUM |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2. | |||||
| CVE-2026-21498 | 1 Color | 1 Iccdev | 2026-01-09 | N/A | 5.5 MEDIUM |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2. | |||||
| CVE-2026-21496 | 1 Color | 1 Iccdev | 2026-01-09 | N/A | 5.5 MEDIUM |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2. | |||||
| CVE-2026-21502 | 1 Color | 1 Iccdev | 2026-01-09 | N/A | 5.5 MEDIUM |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2. | |||||
| CVE-2025-33192 | 1 Nvidia | 2 Dgx Os, Dgx Spark | 2025-12-02 | N/A | 5.7 MEDIUM |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2024-42329 | 1 Zabbix | 1 Zabbix | 2025-10-08 | N/A | 3.3 LOW |
| The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash. | |||||
| CVE-2024-42328 | 1 Zabbix | 1 Zabbix | 2025-10-08 | N/A | 3.3 LOW |
| When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash. | |||||
| CVE-2024-23085 | 1 Mikkotommila | 1 Apfloat | 2025-06-18 | N/A | 7.5 HIGH |
| Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
| CVE-2022-41957 | 2 Hummus Project, Muhammara Project | 2 Hummus, Muhammara | 2024-11-21 | N/A | 7.5 HIGH |
| Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sources. If using hummus, replace the package with muhammara. | |||||
| CVE-2024-23915 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::of13::InstructionSet::unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-23916 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionSet::unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31164 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::ActionList::unpack13. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31165 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::SetFieldAction::unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31167 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::QueuePropertyList::unpack13. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-31175 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TablePropertiesList::unpack. This issue affects libfluid: 0.1.0. | |||||