CVE-2026-21500

HIGH EPSS 7.9%
Published Jan 7, 2026 (5mo ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
7.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 5

CWE-1119
CWE-20 Improper Input Validation · Validation
CWE-400 Uncontrolled Resource Consumption · Resource Mgmt
CWE-674
CWE-787 Out-of-bounds Write · Memory Safety

Affected Products 1

Vendor | Product | Version | Range
color | iccdev | * | <2.3.1.2

References 5

  • github.com https://github.com/InternationalColorConsortium/iccDEV/commit/cce5f9b68a6c067b7ef898ccd5b000770745fb14
    Patch
  • github.com https://github.com/InternationalColorConsortium/iccDEV/commit/f295826a6f15add90490030f23b2ddd8593bff5b
    Patch
  • github.com https://github.com/InternationalColorConsortium/iccDEV/issues/384
    Exploit, Issue Tracking
  • github.com https://github.com/InternationalColorConsortium/iccDEV/pull/406
    Issue Tracking
  • github.com https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4h4j-mm9w-2cp4
    Third Party Advisory

Remediation

  • github.com https://github.com/InternationalColorConsortium/iccDEV/commit/cce5f9b68a6c067b7ef898ccd5b000770745fb14
    Patch
  • github.com https://github.com/InternationalColorConsortium/iccDEV/commit/f295826a6f15add90490030f23b2ddd8593bff5b
    Patch