CVE-2026-21493
6.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Summary
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| InternationalColorConsortium | iccDEV | < 2.3.1.2 | affected |
Weaknesses
- CWE-188: CWE-188: Reliance on Data/Memory Layout
- CWE-703: CWE-703: Improper Check or Handling of Exceptional Conditions
- CWE-843: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx
- https://github.com/InternationalColorConsortium/iccDEV/issues/358
- https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.