5.5

CVE-2026-21497

Exploit

NULL Pointer Dereference in iccDEV Unknown Tag Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ColorIccdev Version < 2.3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7gv7-cmrv-4j85
Third Party Advisory
https://github.com/InternationalColorConsortium/iccDEV/issues/374
Exploit
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/403
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/commit/9419cac7f084197941994b8b9d17def204008385
Patch