5.5

CVE-2026-21499

Exploit

NULL Pointer Dereference in iccDEV XML Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ColorIccdev Version < 2.3.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-690 Unchecked Return Value to NULL Pointer Dereference

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3pv-2cpf-7v2p
Third Party Advisory
https://github.com/InternationalColorConsortium/iccDEV/issues/372
Exploit
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/412
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/commit/00c03013e11b35ddbd7caae4368d1add185849d9
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/af299895bbcbecca6f67d6dc3d8e1dc92f1fc3fa
Patch
https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccXML/IccLibXML/IccProfileXml.cpp#L477
Product