CVE-2026-21506 | THREATINT

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic(), leading to denial of service. This issue has been patched in version 2.3.1.2.

PUBLISHED Reserved 2025-12-29 | Published 2026-01-07 | Updated 2026-01-07 | Assigner GitHub_M

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem types

CWE-20: Improper Input Validation

CWE-476: NULL Pointer Dereference

Product status

< 2.3.1.2

affected

References

github.com/...iccDEV/security/advisories/GHSA-wfm7-m548-x4vp

github.com/InternationalColorConsortium/iccDEV/issues/371

github.com/InternationalColorConsortium/iccDEV/pull/418

github.com/...ommit/f2ea32372ad3ebbd29147940229cb9c5548fe033

cve.org (CVE-2026-21506)

nvd.nist.gov (CVE-2026-21506)

Download JSON