CVE-2026-21490

6.1 MEDIUM

📋 TL;DR

A heap buffer overflow in the iccDEV library's CIccTagLut16::Validate() function allows an attacker who can get a malicious ICC color profile processed to execute arbitrary code or cause a denial of service. All applications that use iccDEV versions before 2.3.1.2 for color management are affected.

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that processes ICC color profiles using iccDEV library is vulnerable

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash or denial of service affecting color processing functionality

🟢 If Mitigated: Contained application crash with no privilege escalation if proper sandboxing exists

🌐 Internet-Facing: MEDIUM - Requires processing of attacker-controlled ICC profiles, which could be delivered via web uploads or email attachments
🏢 Internal Only: LOW - Requires user interaction with malicious files, less likely in controlled environments

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user or application to process a malicious ICC profile file

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9q9c-699q-xr2q

Restart Required: Yes

Instructions:

1. Identify applications using the iccDEV library.
2. Update iccDEV to version 2.3.1.2 or later.
3. Rebuild applications that link iccDEV statically.
4. Restart affected applications/services.

🔧 Temporary Workarounds

No known workarounds (all platforms). The advisory lists no workaround; updating to 2.3.1.2 or later is the only remediation.

🧯 If You Can't Patch

  • Restrict file uploads of ICC profiles to trusted sources only
  • Implement application sandboxing to limit impact of potential exploitation
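As an added example (not code from this page, from iccDEV, or from the advisory), a Python pre-screen for the upload-restriction bullet above: it rejects ICC files whose lut16Type ('mft2') tags declare table dimensions that need more bytes than the tag actually carries, so such files never reach a library that still parses them. It implements the ICC.1 lut16Type layout (52-byte head, then input tables, CLUT, output tables) as a structural sanity filter; it is not a reproduction of the advisory's bug. The 15-channel and 4096-entry limits are taken from the ICC specification's colour-space and table-length bounds, and the sample profiles are constructed inside the block.

```python
import struct
from typing import List

HEADER_SIZE = 128          # fixed ICC profile header
TAG_ENTRY_SIZE = 12        # tag table entry: signature, offset, size
LUT16_HEAD = 52            # bytes before the input tables in a lut16Type element
MAX_CHANNELS = 15          # largest ICC colour space is 15-channel
MAX_TABLE_ENTRIES = 4096   # ICC.1 upper bound for lut16Type input/output tables


def lut16_required_size(n_in: int, n_out: int, grid: int, in_entries: int, out_entries: int) -> int:
    """Bytes a lut16Type element must hold: 52-byte head, 2*i*n input tables,
    a 2*g^i*o CLUT, then 2*o*m output tables (ICC.1 lut16Type layout)."""
    return (LUT16_HEAD
            + 2 * n_in * in_entries
            + 2 * (grid ** n_in) * n_out
            + 2 * n_out * out_entries)


def check_lut16(sig: str, elem: bytes) -> List[str]:
    """Return a list of problems with one lut16Type element (empty list = plausible)."""
    if len(elem) < LUT16_HEAD:
        return [f"{sig}: lut16Type element is {len(elem)} bytes, shorter than its 52-byte head"]
    n_in, n_out, grid = elem[8], elem[9], elem[10]
    in_entries, out_entries = struct.unpack_from(">HH", elem, 48)
    problems = []
    if not 1 <= n_in <= MAX_CHANNELS or not 1 <= n_out <= MAX_CHANNELS:
        problems.append(f"{sig}: channel counts {n_in}->{n_out} out of range")
    if grid < 2:
        problems.append(f"{sig}: CLUT grid points {grid} < 2")
    for name, n in (("input", in_entries), ("output", out_entries)):
        if not 2 <= n <= MAX_TABLE_ENTRIES:
            problems.append(f"{sig}: {name} table entries {n} out of range")
    if problems:
        return problems
    need = lut16_required_size(n_in, n_out, grid, in_entries, out_entries)
    if need > len(elem):
        problems.append(f"{sig}: lut16Type declares {need} bytes of tables but element holds {len(elem)}")
    return problems


def check_profile(data: bytes) -> List[str]:
    """Structural checks on header, tag table and every lut16Type tag."""
    problems = []
    if len(data) < HEADER_SIZE + 4:
        return ["file shorter than ICC header plus tag count"]
    if data[36:40] != b"acsp":
        problems.append("missing 'acsp' signature at offset 36")
    declared = struct.unpack_from(">I", data, 0)[0]
    if declared != len(data):
        problems.append(f"header size field {declared} != actual file size {len(data)}")
    count = struct.unpack_from(">I", data, HEADER_SIZE)[0]
    if HEADER_SIZE + 4 + count * TAG_ENTRY_SIZE > len(data):
        return problems + [f"tag table with {count} entries runs past end of file"]
    for k in range(count):
        sig, off, size = struct.unpack_from(">4sII", data, HEADER_SIZE + 4 + k * TAG_ENTRY_SIZE)
        name = sig.decode("latin-1")
        if off + size > len(data):
            problems.append(f"{name}: tag data [{off}, {off + size}) runs past end of file")
            continue
        elem = data[off:off + size]
        if elem[:4] == b"mft2":
            problems.extend(check_lut16(name, elem))
    return problems


def build_profile(tags) -> bytes:
    """Constructed minimal profile for testing: header + tag table + 4-byte-aligned elements."""
    body, entries = b"", []
    base = HEADER_SIZE + 4 + len(tags) * TAG_ENTRY_SIZE
    for sig, elem in tags:
        entries.append((sig, base + len(body), len(elem)))
        body += elem + b"\0" * (-len(elem) % 4)
    hdr = bytearray(HEADER_SIZE)
    hdr[36:40] = b"acsp"
    table = struct.pack(">I", len(tags)) + b"".join(struct.pack(">4sII", *e) for e in entries)
    struct.pack_into(">I", hdr, 0, HEADER_SIZE + len(table) + len(body))
    return bytes(hdr) + table + body


def lut16_element(n_in, n_out, grid, in_entries, out_entries, declared_grid=None) -> bytes:
    """Constructed lut16Type element with zeroed tables; declared_grid lets a test
    lie in the head about the CLUT size without enlarging the body."""
    head = bytearray(LUT16_HEAD)
    head[0:4] = b"mft2"
    head[8], head[9] = n_in, n_out
    head[10] = grid if declared_grid is None else declared_grid
    struct.pack_into(">HH", head, 48, in_entries, out_entries)
    tables = lut16_required_size(n_in, n_out, grid, in_entries, out_entries) - LUT16_HEAD
    return bytes(head) + b"\0" * tables


# Constructed samples: a consistent A2B0 lut16Type, and one whose head claims a 255-point CLUT
GOOD = build_profile([(b"A2B0", lut16_element(3, 3, 2, 2, 2))])
BAD = build_profile([(b"A2B0", lut16_element(3, 3, 2, 2, 2, declared_grid=255))])

if __name__ == "__main__":
    print("GOOD:", check_profile(GOOD))
    print("BAD: ", check_profile(BAD))
```

Run it over every uploaded profile before handing the bytes to the colour pipeline and drop anything that returns a non-empty list. It is a pre-filter only: a file that passes is structurally plausible, not proven safe, so it complements rather than replaces the 2.3.1.2 update.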

🔍 How to Verify

Check if Vulnerable:

Check whether applications link to an iccDEV library older than 2.3.1.2: on Linux run ldd against the binary, on Windows use a dependency-walker tool. Statically linked builds do not show the library in ldd and must be checked through their build configuration.

Check Version:

Check the library version in the build configuration or, if it was installed from a distribution package, via the package manager: dpkg -l | grep -i iccdev or rpm -qa | grep -i iccdev

Verify Fix Applied:

Verify iccDEV version is 2.3.1.2 or later and applications have been rebuilt/restarted
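An added Python helper (not from this page or from iccDEV) for the ldd-based check above: it lists iccDEV shared objects in ldd output, reads the release version from iccDEV's IccProfLibVer.h, and compares it numerically against 2.3.1.2. Two assumptions: the shared objects are named libIccProfLib2 / libIccXML2 (matching iccDEV's CMake targets), and the version header defines ICCPROFLIBVER as a quoted dotted string; adjust both patterns if your build differs. The ldd output and header line in the block are constructed.

```python
import re
import subprocess
from typing import List, Optional, Tuple

FIXED_VERSION = "2.3.1.2"   # first fixed release per the advisory

# Shared-object names iccDEV produces (assumption: CMake targets IccProfLib2 / IccXML2).
ICCDEV_LIB_RE = re.compile(r"\blib(IccProfLib2|IccXML2)\.so[\w.]*")

# Version macro in IccProfLibVer.h (assumption: ICCPROFLIBVER holds a quoted dotted version).
VERSION_MACRO_RE = re.compile(r'#define\s+ICCPROFLIBVER\s+"([0-9.]+)"')


def parse_version(ver: str) -> Tuple[int, ...]:
    """'2.3.1.2' -> (2, 3, 1, 2); non-numeric components raise ValueError."""
    return tuple(int(p) for p in ver.strip().split("."))


def is_fixed_version(ver: str, fixed: str = FIXED_VERSION) -> bool:
    """True when ver >= fixed, compared component-wise; shorter versions are
    zero-padded so '2.4' is newer than '2.3.1.2' and '2.3.1' is older."""
    a, b = parse_version(ver), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def iccdev_libs_in_ldd(ldd_output: str) -> List[Tuple[str, Optional[str]]]:
    """(soname, resolved path or None) for every iccDEV library named in ldd output."""
    hits = []
    for line in ldd_output.splitlines():
        m = ICCDEV_LIB_RE.search(line)
        if not m:
            continue
        path = None
        if "=>" in line:
            target = line.split("=>", 1)[1].strip().split(" ")[0]
            if target.startswith("/"):      # 'not found' or a vdso entry has no path
                path = target
        hits.append((m.group(0), path))
    return hits


def version_from_header(header_text: str) -> Optional[str]:
    """Pull the release string out of IccProfLibVer.h contents."""
    m = VERSION_MACRO_RE.search(header_text)
    return m.group(1) if m else None


def classify(ldd_output: str, header_text: Optional[str]) -> str:
    """not-linked | linked-version-unknown | vulnerable | fixed."""
    if not iccdev_libs_in_ldd(ldd_output):
        return "not-linked"
    ver = version_from_header(header_text or "")
    if ver is None:
        return "linked-version-unknown"
    return "fixed" if is_fixed_version(ver) else "vulnerable"


def ldd(binary: str) -> str:
    """Run ldd on a real binary (Linux only)."""
    return subprocess.run(["ldd", binary], capture_output=True, text=True, check=False).stdout


# Constructed ldd output and version header for an unpatched build
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd8b1f0000)
\tlibIccProfLib2.so.2 => /usr/local/lib/libIccProfLib2.so.2 (0x00007f1c3a200000)
\tlibIccXML2.so.2 => /usr/local/lib/libIccXML2.so.2 (0x00007f1c3a100000)
\tlibstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f1c39e00000)
"""
SAMPLE_HEADER = '#define ICCPROFLIBVER "2.3.1.1"\n'

if __name__ == "__main__":
    for soname, path in iccdev_libs_in_ldd(SAMPLE_LDD):
        print(f"{soname} -> {path}")
    print(classify(SAMPLE_LDD, SAMPLE_HEADER))
```

"not-linked" only means not dynamically linked: a binary that embeds iccDEV statically shows nothing in ldd, so for those the header version from the build tree is the only signal, and the binary must be rebuilt after the update.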

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during ICC profile processing
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual ICC profile file uploads to web applications

SIEM Query:

Application: (iccdev OR "ICC profile") AND Event: (crash OR "access violation" OR "buffer overflow")
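The SIEM query above expressed as runnable detection logic, added here as an example over constructed log lines (not code from this page or any vendor): it flags Linux kernel segfault records whose faulting object is an iccDEV library, flags application errors that mention ICC profiles, and raises severity when an ICC upload on the same host precedes the crash within a short window. The log-line layout, process names and upload message wording are assumptions to adapt to your own sources.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed line layout: "<ISO timestamp> <host> <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")

# Linux kernel segfault record as it appears in dmesg/journal:
#   proc[pid]: segfault at ADDR ip IP sp SP error N in OBJECT[base+size]
SEGFAULT_RE = re.compile(
    r"(?P<proc>\S+)\[(?P<pid>\d+)\]: segfault at \S+ ip \S+ sp \S+ error \d+ in (?P<obj>\S+?)\[")
ICCDEV_OBJ_RE = re.compile(r"libIcc(ProfLib2|XML2)\.so")   # assumption: iccDEV soname prefixes

# Application-side wording (assumption: your own app logs; adjust the vocabulary)
APP_ERROR_RE = re.compile(r"(access violation|buffer overflow|abort|crash)", re.I)
ICC_CONTEXT_RE = re.compile(r"(\bicc\b|\.ic[cm]\b|icc profile|iccdev)", re.I)
UPLOAD_RE = re.compile(r"upload(?:ed)?\b.*?(?P<file>\S+\.ic[cm])\b", re.I)


def detect(lines: List[str], window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """Scan lines in order and return one alert dict per suspicious event."""
    alerts: List[Dict] = []
    last_upload: Dict[str, tuple] = {}        # host -> (time, uploaded ICC file)
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        host, msg = m["host"], m["msg"]
        up = UPLOAD_RE.search(msg)
        if up:                                # remember the upload; it is context, not an alert
            last_upload[host] = (ts, up["file"])
            continue
        seg = SEGFAULT_RE.search(msg)
        if seg and ICCDEV_OBJ_RE.search(seg["obj"]):
            alert = {"host": host, "time": ts, "severity": "high",
                     "reason": f"segfault in {seg['obj']} ({seg['proc']}[{seg['pid']}])",
                     "correlated_upload": None}
        elif APP_ERROR_RE.search(msg) and ICC_CONTEXT_RE.search(msg):
            alert = {"host": host, "time": ts, "severity": "medium",
                     "reason": "ICC-related application error: " + msg,
                     "correlated_upload": None}
        else:
            continue
        prev = last_upload.get(host)
        if prev and timedelta(0) <= ts - prev[0] <= window:
            alert["correlated_upload"] = prev[1]   # upload then crash on one host: escalate
            alert["severity"] = "high"
        alerts.append(alert)
    return alerts


# Constructed sample: an upload followed by a segfault in iccDEV, an app-side error,
# an unrelated login, and a segfault in libc that must not be attributed to iccDEV.
SAMPLE_LOG = [
    "2026-01-15T10:21:03Z web01 uploadsvc: user 77 uploaded /tmp/incoming/profile-9f3.icc (3120 bytes)",
    "2026-01-15T10:21:05Z web01 kernel: imgworker[4242]: segfault at 7f2b00000000 ip 00007f2b1c0a3b10 "
    "sp 00007ffc21e0d4c0 error 4 in libIccProfLib2.so.2[7f2b1c080000+1a0000]",
    "2026-01-15T10:25:40Z web02 imgworker: ERROR access violation while reading ICC profile tag A2B0",
    "2026-01-15T10:30:00Z web02 sshd: Accepted publickey for ops from 10.0.0.5",
    "2026-01-15T11:00:00Z web03 kernel: nginx[100]: segfault at 0 ip 0000 sp 0000 error 6 in libc.so.6[7f00+1000]",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["severity"], a["host"], a["reason"], a["correlated_upload"])
```

The upload-then-crash correlation is what separates a noisy colour-management bug from an attempt on this CVE; a crash with no preceding ICC upload on that host still deserves a ticket, but at medium severity.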
