Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to Undefined Behavior (UB) and out-of-memory errors. This issue is fixed in version 2.3.1.2.

PUBLISHED Reserved 2025-12-29 | Published 2026-01-06 | Updated 2026-01-06 | Assigner GitHub_M




HIGH: 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-20: Improper Input Validation

CWE-125: Out-of-bounds Read

CWE-190: Integer Overflow or Wraparound

CWE-400: Uncontrolled Resource Consumption

CWE-476: NULL Pointer Dereference

CWE-787: Out-of-bounds Write

CWE-1284: Improper Validation of Specified Quantity in Input

Product status

< 2.3.1.2 (affected)

References

github.com/InternationalColorConsortium/iccDEV/issues/340 (exploit)

github.com/...iccDEV/security/advisories/GHSA-chp2-4gv5-2432

github.com/InternationalColorConsortium/iccDEV/issues/340

github.com/...ommit/c136aac51d25cbb4d9db63f071edad4f088843df

cve.org (CVE-2026-21485)

nvd.nist.gov (CVE-2026-21485)
