CVE-2026-21507

Exploit

EPSS 0.09%
Veröffentlicht 06.01.2026 00:11:25
Zuletzt bearbeitet 12.01.2026 21:04:26
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

iccDEV is Vulnerable to Denial of Service via Infinite Loop in CalcProfileID()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Color ≫ Iccdev Version < 2.3.1.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.256

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj

Patch

Vendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/244

Vendor Advisory

Exploit

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-21507

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21507

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21507

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-21507