CVE-2026-21675

Summary

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1.

Affected Software

VendorProductVersion RangeStatus
InternationalColorConsortiumiccDEV< 2.3.1.1affected

Weaknesses

  • CWE-416: CWE-416: Use After Free
  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References