CVE-2026-21485

HIGH

iccDEV <2.3.1.2 - Buffer Overflow

Title source: llm

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.

Scores

CVSS v3 8.8
EPSS 0.0013
EPSS Percentile 32.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-125 CWE-1284 CWE-190 CWE-20 CWE-400 CWE-476 CWE-787
Status published
Products (1)
color/iccdev < 2.3.1.2
Published Jan 06, 2026
Tracked Since Feb 18, 2026