
CVE-2023-46602
https://notcve.org/view.php?id=CVE-2023-46602
23 Oct 2023 — In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. • https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 • CWE-787: Out-of-bounds Write

CVE-2021-40892
https://notcve.org/view.php?id=CVE-2021-40892
24 Jun 2022 — A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. • https://github.com/yetingli/SaveResults/blob/main/js/validate-color.js • CWE-1333: Inefficient Regular Expression Complexity

CVE-2021-29060
https://notcve.org/view.php?id=CVE-2021-29060
21 Jun 2021 — A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string. • https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2014-7013
https://notcve.org/view.php?id=CVE-2014-7013
16 Oct 2014 — The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application 0.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/132113 • CWE-310: Cryptographic Issues

CVE-2014-7023
https://notcve.org/view.php?id=CVE-2014-7023
16 Oct 2014 — The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/418905 • CWE-310: Cryptographic Issues

CVE-2012-4405 – argyllcms: Array index error leading to heap-based buffer OOB write
https://notcve.org/view.php?id=CVE-2012-4405
11 Sep 2012 — Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html • CWE-189: Numeric Errors • CWE-787: Out-of-bounds Write

CVE-2012-1616 – Gentoo Linux Security Advisory 201206-04
https://notcve.org/view.php?id=CVE-2012-1616
19 Jun 2012 — Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html • CWE-399: Resource Management Errors