CVE-2026-21485

Summary

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.

Affected Software

VendorProductVersion RangeStatus
InternationalColorConsortiumiccDEV< 2.3.1.2affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation
  • CWE-125: CWE-125: Out-of-bounds Read
  • CWE-190: CWE-190: Integer Overflow or Wraparound
  • CWE-400: CWE-400: Uncontrolled Resource Consumption
  • CWE-476: CWE-476: NULL Pointer Dereference
  • CWE-787: CWE-787: Out-of-bounds Write
  • CWE-1284: CWE-1284: Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References