CVE-2026-21689

Summary

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccProfileXml::ParseBasic() at IccXML/IccLibXML/IccProfileXml.cpp. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Affected Software

VendorProductVersion RangeStatus
InternationalColorConsortiumiccDEV< 2.3.1.2affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation
  • CWE-190: CWE-190: Integer Overflow or Wraparound
  • CWE-232: CWE-232: Improper Handling of Undefined Values
  • CWE-476: CWE-476: NULL Pointer Dereference
  • CWE-690: CWE-690: Unchecked Return Value to NULL Pointer Dereference
  • CWE-754: CWE-754: Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References