CVE-2026-21485

Exploit

EPSS 0.1%
Veröffentlicht 06.01.2026 03:17:47
Zuletzt bearbeitet 14.01.2026 18:45:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 7 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.29

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/340

Vendor Advisory

Exploit

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-21485

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21485

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21485

EUVD