CVE-2026-21491

Published: Jan 6, 2026Modified: Jan 12, 2026

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available.

Affected (1)

Products: Color: Iccdev

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Color Iccdev	Before 2.3.1.2

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References (4)

https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3

Source: security-advisories@github.com

Patch

https://github.com/InternationalColorConsortium/iccDEV/commit/e91fe722ac54ce497d410153e7405090e0565d7b

Source: security-advisories@github.com

Patch

https://github.com/InternationalColorConsortium/iccDEV/issues/396

Source: security-advisories@github.com

Issue TrackingExploitVendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4pv4-4x2x-6j88

Source: security-advisories@github.com

PatchVendor Advisory

Timeline

No history available yet.