Common Weakness Enumeration

CWE-758

Allowed-with-Review

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Abstraction: Class · Status: Incomplete

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

33 vulnerabilities reference this CWE, most recent first.

CVE-2026-24404 (GCVE-0-2026-24404)

Vulnerability from cvelistv5 – Published: 2026-01-24 00:55 – Updated: 2026-01-26 16:17
VLAI
Title
iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()
Summary
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-476 - NULL Pointer Dereference
  • CWE-690 - Unchecked Return Value to NULL Pointer Dereference
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24404",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T16:14:31.210309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-26T16:17:43.756Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iccDEV",
          "vendor": "InternationalColorConsortium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-690",
              "description": "CWE-690: Unchecked Return Value to NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-24T00:55:26.935Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hqfg-45jp-hp9f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hqfg-45jp-hp9f"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/488",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/488"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/commit/cd637eb33f0c8055fa54d8776e00555d3d39ef0c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/commit/cd637eb33f0c8055fa54d8776e00555d3d39ef0c"
        }
      ],
      "source": {
        "advisory": "GHSA-hqfg-45jp-hp9f",
        "discovery": "UNKNOWN"
      },
      "title": "iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24404",
    "datePublished": "2026-01-24T00:55:26.935Z",
    "dateReserved": "2026-01-22T18:19:49.173Z",
    "dateUpdated": "2026-01-26T16:17:43.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22858 (GCVE-0-2026-22858)

Vulnerability from cvelistv5 – Published: 2026-01-14 17:56 – Updated: 2026-07-15 01:19
VLAI
Title
FreeRDP has a global-buffer-overflow in crypto_base64_decode
Summary
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-125 - Out-of-bounds Read
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
  • CWE-787 - Out-of-bounds Write
Assigner
References
URL Tags
https://github.com/FreeRDP/FreeRDP/security/advis… x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2026-22858 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2429649 issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:4471 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4121 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3068 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19033 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3334 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4433 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4439 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4446 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4440 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4489 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4437 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4438 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3975 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3067 vendor-advisoryx_refsource_REDHAT
Impacted products
Vendor Product Version
FreeRDP FreeRDP Affected: < 3.20.1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10 Unaffected: 2:3.10.3-12.el10_2.2 , < * (rpm)
Unaffected: 2:3.10.3-5.el10_1.2 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.1
    cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 2:3.10.3-3.el10_0.2 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:2.1.1-5.el7_9.2 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 2:2.11.7-3.el8_10 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 2:2.0.0-46.rc4.el8_2.7 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 2:2.2.0-8.el8_4 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 2:2.2.0-8.el8_4 , < * (rpm)
    cpe:/a:redhat:rhel_eus_long_life:8.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 2:2.2.0-7.el8_6.2 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 2:2.2.0-7.el8_6.2 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 2:2.2.0-7.el8_6.2 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 2:2.2.0-12.el8_8.2 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 2:2.2.0-12.el8_8.2 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:2.11.7-1.el9_7.2 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 2:2.4.1-3.el9_0.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 2:2.4.1-6.el9_2.3 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 2:2.11.2-1.el9_4.2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 2:2.11.7-1.el9_6.2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22858",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T21:11:51.335502Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T21:12:03.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1",
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:3.10.3-12.el10_2.2",
                "versionType": "rpm"
              },
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:3.10.3-5.el10_1.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:3.10.3-3.el10_0.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0:2.1.1-5.el7_9.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.11.7-3.el8_10",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.2"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.0.0-46.rc4.el8_2.7",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.2.0-8.el8_4",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.2.0-8.el8_4",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.2.0-7.el8_6.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.2.0-7.el8_6.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.2.0-7.el8_6.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.2.0-12.el8_8.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.2.0-12.el8_8.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.11.7-1.el9_7.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.4.1-3.el9_0.1",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.4.1-6.el9_2.3",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.11.2-1.el9_4.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "2:2.11.7-1.el9_6.2",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "packageName": "freerdp",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-01-14T17:56:29.729Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP\u0027s Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c \u003c= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:19:01.925Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-22858"
          },
          {
            "name": "RHBZ#2429649",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429649"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22858.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4471"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4121"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3068"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19033"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3334"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4433"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4439"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4446"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4440"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4489"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4437"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4438"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3975"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3067"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:4471: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4121: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3068: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19033: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3334: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4433: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4439: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4446: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4440: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4489: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4437: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4438: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3975: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3067: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-01-14T18:00:52.497Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-01-14T17:56:29.729Z",
            "value": "Made public."
          }
        ],
        "title": "freerdp: FreeRDP global-buffer-overflow",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.20.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP\u0027s Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c \u003c= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T17:56:29.729Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qmqf-m84q-x896",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qmqf-m84q-x896"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1"
        }
      ],
      "source": {
        "advisory": "GHSA-qmqf-m84q-x896",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP has a global-buffer-overflow in crypto_base64_decode"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22858",
    "datePublished": "2026-01-14T17:56:29.729Z",
    "dateReserved": "2026-01-12T16:20:16.746Z",
    "dateUpdated": "2026-07-15T01:19:01.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21687 (GCVE-0-2026-21687)

Vulnerability from cvelistv5 – Published: 2026-01-07 21:32 – Updated: 2026-01-07 21:38
VLAI
Title
iccDEV has Undefined Behavior in CIccTagCurve::CIccTagCurve()
Summary
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21687",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T21:38:09.222719Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:38:17.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iccDEV",
          "vendor": "InternationalColorConsortium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T21:32:13.792Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prmm-g479-4fv7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prmm-g479-4fv7"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/180",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/180"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/pull/221",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/221"
        }
      ],
      "source": {
        "advisory": "GHSA-prmm-g479-4fv7",
        "discovery": "UNKNOWN"
      },
      "title": "iccDEV has Undefined Behavior in CIccTagCurve::CIccTagCurve()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21687",
    "datePublished": "2026-01-07T21:32:13.792Z",
    "dateReserved": "2026-01-02T18:45:27.396Z",
    "dateUpdated": "2026-01-07T21:38:17.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21686 (GCVE-0-2026-21686)

Vulnerability from cvelistv5 – Published: 2026-01-07 21:25 – Updated: 2026-01-07 21:41
VLAI
Title
iccDEV has Undefined Behavior in CIccTagLutAtoB::Validate()
Summary
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21686",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T21:41:24.109560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:41:35.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iccDEV",
          "vendor": "InternationalColorConsortium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T21:25:57.567Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-792q-cqq9-mq4x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-792q-cqq9-mq4x"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/214",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/214"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/pull/222",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/222"
        }
      ],
      "source": {
        "advisory": "GHSA-792q-cqq9-mq4x",
        "discovery": "UNKNOWN"
      },
      "title": "iccDEV has Undefined Behavior in CIccTagLutAtoB::Validate()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21686",
    "datePublished": "2026-01-07T21:25:57.567Z",
    "dateReserved": "2026-01-02T18:45:27.396Z",
    "dateUpdated": "2026-01-07T21:41:35.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21685 (GCVE-0-2026-21685)

Vulnerability from cvelistv5 – Published: 2026-01-07 21:23 – Updated: 2026-01-07 21:42
VLAI
Title
iccDEV has Undefined Behavior in CIccTagLut16::Read()
Summary
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21685",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T21:42:09.284750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:42:21.742Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iccDEV",
          "vendor": "InternationalColorConsortium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T21:23:41.134Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3xr-6687-5c8p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3xr-6687-5c8p"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/213",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/213"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/pull/223",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/223"
        }
      ],
      "source": {
        "advisory": "GHSA-c3xr-6687-5c8p",
        "discovery": "UNKNOWN"
      },
      "title": "iccDEV has Undefined Behavior in CIccTagLut16::Read()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21685",
    "datePublished": "2026-01-07T21:23:41.134Z",
    "dateReserved": "2026-01-02T18:45:27.396Z",
    "dateUpdated": "2026-01-07T21:42:21.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21684 (GCVE-0-2026-21684)

Vulnerability from cvelistv5 – Published: 2026-01-07 21:18 – Updated: 2026-01-07 21:35
VLAI
Title
iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()
Summary
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21684",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T21:35:25.013168Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:35:37.015Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iccDEV",
          "vendor": "InternationalColorConsortium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T21:18:31.527Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/216",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/216"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/pull/225",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/pull/225"
        }
      ],
      "source": {
        "advisory": "GHSA-fg9m-j9x8-8279",
        "discovery": "UNKNOWN"
      },
      "title": "iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21684",
    "datePublished": "2026-01-07T21:18:31.527Z",
    "dateReserved": "2026-01-02T18:45:27.396Z",
    "dateUpdated": "2026-01-07T21:35:37.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21677 (GCVE-0-2026-21677)

Vulnerability from cvelistv5 – Published: 2026-01-06 03:11 – Updated: 2026-01-06 18:56
VLAI
Title
iccDEV has Undefined Behavior in CIccCLUT::Init()
Summary
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21677",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:19:38.931382Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T18:56:50.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/181"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iccDEV",
          "vendor": "InternationalColorConsortium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.3.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-06T03:12:18.035Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-95w5-jvqf-3994",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-95w5-jvqf-3994"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/issues/181",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/issues/181"
        },
        {
          "name": "https://github.com/InternationalColorConsortium/iccDEV/commit/201125fbda22c8e4ea95800a6b427093fa4b8a22",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/InternationalColorConsortium/iccDEV/commit/201125fbda22c8e4ea95800a6b427093fa4b8a22"
        }
      ],
      "source": {
        "advisory": "GHSA-95w5-jvqf-3994",
        "discovery": "UNKNOWN"
      },
      "title": "iccDEV has Undefined Behavior in CIccCLUT::Init()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21677",
    "datePublished": "2026-01-06T03:11:30.537Z",
    "dateReserved": "2026-01-02T18:45:27.395Z",
    "dateUpdated": "2026-01-06T18:56:50.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-55160 (GCVE-0-2025-55160)

Vulnerability from cvelistv5 – Published: 2025-08-13 14:00 – Updated: 2025-08-13 14:26
VLAI
Title
ImageMagick Undefined Behavior (function-type-mismatch) in CloneSplayTree
Summary
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Assigner
References
Impacted products
Vendor Product Version
ImageMagick ImageMagick Affected: < 6.9.13-27
Affected: < 7.1.2-1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55160",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-13T14:26:33.718284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-13T14:26:49.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImageMagick",
          "vendor": "ImageMagick",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.9.13-27"
            },
            {
              "status": "affected",
              "version": "\u003c 7.1.2-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T14:00:53.826Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x"
        }
      ],
      "source": {
        "advisory": "GHSA-6hgw-6x87-578x",
        "discovery": "UNKNOWN"
      },
      "title": "ImageMagick Undefined Behavior (function-type-mismatch) in CloneSplayTree"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55160",
    "datePublished": "2025-08-13T14:00:53.826Z",
    "dateReserved": "2025-08-07T18:27:23.306Z",
    "dateUpdated": "2025-08-13T14:26:49.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54811 (GCVE-0-2025-54811)

Vulnerability from cvelistv5 – Published: 2025-10-01 21:22 – Updated: 2025-10-02 15:53
VLAI
Title
OpenPLC_V3
Summary
OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
OpenPLC_V3 OpenPLC_V3 Affected: 0 , < pull request #292 (custom)
Create a notification for this product.
Credits
Renato Garreton of TryHackMe reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54811",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T14:01:02.728828Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-02T15:53:32.988Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenPLC_V3",
          "vendor": "OpenPLC_V3",
          "versions": [
            {
              "lessThan": "pull request #292",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Renato Garreton of TryHackMe reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC.\u003c/span\u003e"
            }
          ],
          "value": "OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "CWE-758",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T21:22:31.015Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-05"
        },
        {
          "url": "https://github.com/thiagoralves/OpenPLC_v3"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePull request #292 resolves this issue. Users are advised to update OpenPLC_V3 to pull request #292 or later from the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/thiagoralves/OpenPLC_v3\"\u003emain GitHub repository\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Pull request #292 resolves this issue. Users are advised to update OpenPLC_V3 to pull request #292 or later from the  main GitHub repository https://github.com/thiagoralves/OpenPLC_v3 ."
        }
      ],
      "source": {
        "advisory": "ICSA-25-273-05",
        "discovery": "EXTERNAL"
      },
      "title": "OpenPLC_V3",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-54811",
    "datePublished": "2025-10-01T21:22:31.015Z",
    "dateReserved": "2025-09-23T19:54:22.490Z",
    "dateUpdated": "2025-10-02T15:53:32.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-58350 (GCVE-0-2024-58350)

Vulnerability from cvelistv5 – Published: 2026-06-10 12:36 – Updated: 2026-07-14 22:54 X_Open Source
VLAI
Title
Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order
Summary
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Assigner
References
Impacted products
Vendor Product Version
nationalsecurityagency ghidra Affected: 0 , < 11.2 (custom)
Unaffected: 11.2 (custom)
Create a notification for this product.
Date Public
2024-09-19 00:00
Credits
Bill Bierman (@wbierman)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58350",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T13:51:10.926831Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T13:51:17.257Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:github/nationalsecurityagency/ghidra",
          "product": "ghidra",
          "repo": "https://github.com/nationalsecurityagency/ghidra",
          "vendor": "nationalsecurityagency",
          "versions": [
            {
              "lessThan": "11.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "11.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:nsa:ghidra:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "11.2",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bill Bierman (@wbierman)"
        }
      ],
      "datePublic": "2024-09-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-758",
              "description": "Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:54:53.445Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-4g43-2f29-xvp4)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-4g43-2f29-xvp4"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/ghidra-use-after-free-in-sleigh-backend-via-static-initialization-order"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "title": "Ghidra \u003c 11.2 - Use After Free in Sleigh Backend via Static Initialization Order",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-58350",
    "datePublished": "2026-06-10T12:36:08.579Z",
    "dateReserved": "2026-06-08T15:20:35.496Z",
    "dateUpdated": "2026-07-14T22:54:53.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.