CVE-2026-21673

Summary

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.

Affected Software

VendorProductVersion RangeStatus
InternationalColorConsortiumiccDEV< 2.3.1.1affected

Weaknesses

  • CWE-190: CWE-190: Integer Overflow or Wraparound
  • CWE-681: CWE-681: Incorrect Conversion between Numeric Types
  • CWE-704: CWE-704: Incorrect Type Conversion or Cast

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References