CVE-2026-21501

Published: Jan 7, 2026Modified: Jan 9, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

Affected (1)

Products: Color: Iccdev

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Color Iccdev	Before 2.3.1.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccProfLib/IccMpeCalc.cpp#L4588

Source: security-advisories@github.com

Product

https://github.com/InternationalColorConsortium/iccDEV/commit/798be59011649a26a529600cc3cd56437634d3d0

Source: security-advisories@github.com

Patch

https://github.com/InternationalColorConsortium/iccDEV/commit/f3056ed99935d479091470127ad16f8be1912bb7

Source: security-advisories@github.com

Patch

https://github.com/InternationalColorConsortium/iccDEV/issues/365

Source: security-advisories@github.com

ExploitIssue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/413

Source: security-advisories@github.com

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w

Source: security-advisories@github.com

Third Party Advisory

Timeline

No history available yet.