CVE-2026-21674

Published: Jan 6, 2026Modified: Jan 12, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.

Affected (1)

Products: Color: Iccdev

Color

1 product

Iccdev

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Color Iccdev	Before 2.3.1.1

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://github.com/InternationalColorConsortium/iccDEV/commit/d7028d8f558bb681efe2b85f02eb4ca374502cbb

Source: security-advisories@github.com

Patch

https://github.com/InternationalColorConsortium/iccDEV/issues/241

Source: security-advisories@github.com

Issue TrackingExploitVendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xww6-v3vg-4qc7

Source: security-advisories@github.com

PatchVendor Advisory

https://github.com/InternationalColorConsortium/iccDEV/issues/241

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Issue TrackingExploitVendor Advisory

Timeline

No history available yet.