CVE-2026-21507
HIGHiccdev < 2.3.1.1 - Denial of Service via Infinite Loop in CalcProfileID
Title source: llmDescription
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj
Issue Tracking, Exploit, Vendor Advisory x_refsource_misc
https://github.com/InternationalColorConsortium/iccDEV/issues/244
Scores
CVSS v3
7.5
EPSS
0.0037
EPSS Percentile
29.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-835
Status
published
Products (1)
color/iccdev
< 2.3.1.1
Published
Jan 06, 2026
Tracked Since
Feb 18, 2026