CVE-2026-21507 | THREATINT

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.

PUBLISHED Reserved 2025-12-29 | Published 2026-01-06 | Updated 2026-01-06 | Assigner GitHub_M

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

< 2.3.1.1

affected

References

github.com/...iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj

github.com/InternationalColorConsortium/iccDEV/issues/244

github.com/...ommit/3f3ce789d0d2b608c194ed172fa38943519dc198

cve.org (CVE-2026-21507)

nvd.nist.gov (CVE-2026-21507)

Download JSON