CVE-2026-21494

6.1 MEDIUM

📋 TL;DR

A heap buffer overflow in the iccDEV library's CIccTagLut8::Validate() function allows attackers to execute arbitrary code or cause a denial of service by having a malicious ICC color profile processed. This affects any application that uses iccDEV versions before 2.3.1.2 for color management. Users who process untrusted ICC profiles are particularly at risk.

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing ICC profiles through the CIccTagLut8::Validate() function

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash (denial of service) or limited memory corruption leading to instability

🟢 If Mitigated: Contained application crash with no privilege escalation if proper sandboxing exists

🌐 Internet-Facing: MEDIUM - Requires processing of malicious ICC profiles, which could be delivered via web uploads or email attachments
🏢 Internal Only: LOW - Typically requires user interaction to process malicious files, limiting internal spread

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profiles and getting them processed by vulnerable applications

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hjxv-xr7w-84fc

Restart Required: Yes

Instructions:

1. Update the iccDEV library to version 2.3.1.2 or later.
2. Rebuild any applications that use iccDEV.
3. Restart affected services or applications.

🔧 Temporary Workarounds

No known workarounds

The vendor advisory states no workarounds are available

🧯 If You Can't Patch

  • Restrict processing of untrusted ICC profiles
  • Implement application sandboxing to limit impact of potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check if applications use iccDEV library version < 2.3.1.2

Check Version:

Check library version in application dependencies or use package manager (e.g., dpkg -l | grep iccdev)

Verify Fix Applied:

Verify iccDEV library version is 2.3.1.2 or higher
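The version check above can be automated. The following is an added example, not code from the advisory or the iccDEV project: it compares an installed version string against the fixed release 2.3.1.2 numerically (so that, for instance, 2.3.10 sorts after 2.3.9, which a plain string comparison gets wrong) and walks `dpkg -l`-style rows. The package names and rows below are constructed for illustration and are not real package metadata.

```python
"""Check whether an installed iccDEV version predates the fixed release
(2.3.1.2 per the advisory).

Added example, not from the advisory or the iccDEV project; the package
names and the dpkg-style rows are constructed for illustration."""
import re

FIXED_VERSION = "2.3.1.2"  # first fixed release named in the advisory


def parse_version(version):
    """Turn e.g. '1:2.3.1.1-2' into (2, 3, 1, 1).

    The Debian epoch ('1:') and distro revision ('-2') are dropped so that
    only the upstream version is compared, and the components are compared
    as integers so that 2.3.10 sorts after 2.3.9."""
    upstream = version.split(":")[-1].split("-")[0]
    return tuple(int(part) for part in re.findall(r"\d+", upstream))


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed upstream version is older than the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def scan_dpkg_rows(rows, name_fragment="iccdev"):
    """Walk `dpkg -l`-style rows ('ii  name  version  arch  description')
    and report installed ('ii') packages whose name contains name_fragment.
    Returns {package_name: {"version": ..., "vulnerable": bool}}."""
    findings = {}
    for row in rows:
        fields = row.split()
        if len(fields) >= 3 and fields[0] == "ii" and name_fragment in fields[1].lower():
            findings[fields[1]] = {
                "version": fields[2],
                "vulnerable": is_vulnerable(fields[2]),
            }
    return findings


# Constructed sample rows; the package names here are hypothetical.
SAMPLE_ROWS = [
    "ii  libiccdev2     2.3.1.1-1    amd64  ICC profile library (constructed)",
    "ii  libiccdev-dev  2.3.1.2-1    amd64  ICC profile library headers (constructed)",
    "rc  libiccdev1     2.2.0-3      amd64  removed, config files remaining (constructed)",
    "ii  libpng16-16    1.6.40-1     amd64  PNG library (constructed)",
]

if __name__ == "__main__":
    for name, finding in scan_dpkg_rows(SAMPLE_ROWS).items():
        state = "VULNERABLE" if finding["vulnerable"] else "fixed"
        print(f"{name} {finding['version']}: {state}")
```

Rows in any state other than `ii` (installed) are skipped, so a removed package that still has configuration files left behind does not produce a false finding; on a real host, feed the function the output of `dpkg -l` line by line.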

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing ICC profiles
  • Memory access violation errors
  • Segmentation faults in color management functions

Network Indicators:

  • Unusual ICC profile uploads to web applications
  • Suspicious file transfers containing .icc/.icm files

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "access violation") AND (process="*color*" OR process="*icc*")
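The log indicators above can be checked with a small matcher. The following is an added example, not part of the page: it encodes the intended condition with explicit grouping (source is the application log, the message contains a crash term, and the process name matches *color* or *icc*), and `loose_match` shows what a query that leaves the final OR ungrouped would match instead, where a bare `"*icc*"` term becomes an alternative to the whole rest of the condition. The key=value log format and the sample lines are constructed for illustration.

```python
"""Detection logic for crash messages from color-management processes.

Added example, not from the advisory; the key=value log format and the
sample lines below are constructed."""
import re

CRASH_TERMS = ("segmentation fault", "access violation")
PROCESS_PATTERNS = ("color", "icc")  # substring equivalents of *color* / *icc*
_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Parse a constructed line such as
    source="application_logs" process="colord" msg="segmentation fault ..."
    into a dict of its key=value fields."""
    return dict(_KV.findall(line))


def strict_match(event):
    """source AND (crash term) AND (process like *color* OR *icc*)."""
    message = event.get("msg", "").lower()
    process = event.get("process", "").lower()
    return (
        event.get("source") == "application_logs"
        and any(term in message for term in CRASH_TERMS)
        and any(pattern in process for pattern in PROCESS_PATTERNS)
    )


def loose_match(event):
    """Same terms with the last OR left ungrouped: the free-text "*icc*" term
    alone satisfies the query, so any event mentioning icc fires."""
    message = event.get("msg", "").lower()
    process = event.get("process", "").lower()
    core = (
        event.get("source") == "application_logs"
        and any(term in message for term in CRASH_TERMS)
        and "color" in process
    )
    return core or "icc" in (message + process)


# Constructed sample log lines (not captured from a real system).
SAMPLE_LOGS = [
    'source="application_logs" process="colord" msg="segmentation fault while parsing profile"',
    'source="application_logs" process="icc_convert" msg="access violation reading address 0x10"',
    'source="application_logs" process="nginx" msg="segmentation fault in worker"',
    'source="application_logs" process="icc_convert" msg="profile loaded: sRGB.icc"',
    'source="auth_logs" process="sshd" msg="accepted publickey"',
]


def run(lines=SAMPLE_LOGS):
    """Return the process names matched by each variant of the condition."""
    events = [parse_line(line) for line in lines]
    return {
        "strict": [e["process"] for e in events if strict_match(e)],
        "loose": [e["process"] for e in events if loose_match(e)],
    }


if __name__ == "__main__":
    for variant, hits in run().items():
        print(variant, hits)
```

With the constructed lines, the grouped condition fires only on the two crash events from color-management processes, while the ungrouped variant also fires on a routine "profile loaded" message because it mentions icc; grouping the process clause is what keeps the alert tied to actual crashes.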
