5.5

CVE-2026-21498

Exploit

NULL Pointer Dereference in iccDEV XML Calculator Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ColorIccdev Version < 2.3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-690 Unchecked Return Value to NULL Pointer Dereference

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6822-qvxq-m736
Third Party Advisory
https://github.com/InternationalColorConsortium/iccDEV/issues/375
Exploit
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/404
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/commit/75f124f40ba45491211cb4b67f0e05b7c7d59553
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/bdfa31940726aaabb0a6f19194d9062ba0598959
Patch