CVE-2026-21485
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| InternationalColorConsortium | iccDEV | < 2.3.1.2 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
- CWE-125: CWE-125: Out-of-bounds Read
- CWE-190: CWE-190: Integer Overflow or Wraparound
- CWE-400: CWE-400: Uncontrolled Resource Consumption
- CWE-476: CWE-476: NULL Pointer Dereference
- CWE-787: CWE-787: Out-of-bounds Write
- CWE-1284: CWE-1284: Improper Validation of Specified Quantity in Input
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432
- https://github.com/InternationalColorConsortium/iccDEV/issues/340
- https://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.