CVE-2026-21497

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in iccDEV's unknown tag parser allows attackers to cause denial of service by crashing applications using the library. This affects all systems running iccDEV versions before 2.3.1.2 that process untrusted ICC color profiles.

💻 Affected Systems

Products:
  • iccDEV library and tools
Versions: All versions before 2.3.1.2
Operating Systems: All platforms where iccDEV is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing ICC profiles with unknown tags, which may occur with custom or malformed profiles.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Application crash leading to denial of service, potentially disrupting color-critical workflows in design, printing, or imaging applications.

🟠 Likely Case

Application instability or crash when processing malformed ICC color profiles, requiring restart of affected software.

🟢 If Mitigated

Minimal impact with proper input validation and error handling in calling applications.

🌐 Internet-Facing: MEDIUM - Applications processing user-uploaded ICC profiles from web interfaces could be targeted.
🏢 Internal Only: LOW - Requires processing of malicious ICC profiles, which is less likely in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires providing a malicious ICC profile to vulnerable software, but no public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7gv7-cmrv-4j85

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later.
2. Rebuild any applications linked against iccDEV.
3. Restart services using the updated library.

🔧 Temporary Workarounds

Input validation (all)

Implement strict validation of ICC profile inputs before processing

Sandbox processing (all)

Isolate ICC profile processing in separate containers or sandboxes
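
A structural pre-check of the kind the input-validation workaround describes, as an added example (not iccDEV code and not part of the advisory): it parses the ICC header and tag table and rejects profiles whose tag table is out of bounds or carries tag signatures outside an allowlist. The size limit, the allowlist contents, and the names `validate_icc` and `build_sample` are assumptions, as is the idea that the allowlist matches what the library treats as an unknown tag; the layout (128-byte header, `acsp` at offset 36, 12-byte tag entries) follows the ICC specification.

```python
import struct

HEADER_LEN = 128                      # fixed ICC header size
TAG_ENTRY_LEN = 12                    # signature, offset, size (4 bytes each, big-endian)
MAX_PROFILE_BYTES = 16 * 1024 * 1024  # assumed local policy limit
# Assumed allowlist: the tag signatures this deployment expects to receive.
ALLOWED_TAGS = {b"desc", b"cprt", b"wtpt", b"chad", b"rXYZ", b"gXYZ", b"bXYZ",
                b"rTRC", b"gTRC", b"bTRC", b"A2B0", b"B2A0"}

def validate_icc(data, allowed_tags=ALLOWED_TAGS):
    """Return a list of problems; an empty list means the profile may be passed on."""
    if len(data) < HEADER_LEN + 4:
        return ["too short for header and tag count"]
    if len(data) > MAX_PROFILE_BYTES:
        return ["exceeds size limit"]
    problems = []
    (declared_size,) = struct.unpack_from(">I", data, 0)
    if declared_size != len(data):
        problems.append("header size field does not match file length")
    if data[36:40] != b"acsp":
        problems.append("missing 'acsp' signature")
    (tag_count,) = struct.unpack_from(">I", data, HEADER_LEN)
    table_end = HEADER_LEN + 4 + tag_count * TAG_ENTRY_LEN
    if table_end > len(data):
        return problems + ["tag table runs past end of file"]
    for i in range(tag_count):
        entry_at = HEADER_LEN + 4 + i * TAG_ENTRY_LEN
        sig, offset, size = struct.unpack_from(">4sII", data, entry_at)
        if sig not in allowed_tags:
            problems.append(f"tag {sig!r} not on allowlist")
        # Tag data must sit after the table, inside the file, and hold type + reserved bytes.
        if offset < table_end or offset + size > len(data) or size < 8:
            problems.append(f"tag {sig!r} data out of bounds")
    return problems

def build_sample(tags):
    """Constructed test profile: minimal header plus the given (signature, payload) tags."""
    table_end = HEADER_LEN + 4 + len(tags) * TAG_ENTRY_LEN
    table, body = b"", b""
    for sig, payload in tags:
        table += struct.pack(">4sII", sig, table_end + len(body), len(payload))
        body += payload
    total = table_end + len(body)
    header = struct.pack(">I", total) + b"\0" * 32 + b"acsp" + b"\0" * 88
    return header + struct.pack(">I", len(tags)) + table + body
```

Run it at the upload or ingest boundary, before the file reaches code linked against iccDEV.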

🧯 If You Can't Patch

  • Restrict processing of untrusted ICC profiles to minimize attack surface
  • Implement monitoring for application crashes related to ICC profile processing

🔍 How to Verify

Check if Vulnerable:

Check iccDEV version using 'iccdev --version' or examine linked library version in applications

Check Version:

iccdev --version

Verify Fix Applied:

Confirm version is 2.3.1.2 or later and test with known ICC profile processing

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during ICC profile processing
  • Segmentation faults in iccDEV-related processes

Network Indicators:

  • Unusual ICC profile uploads to web applications
  • Multiple failed ICC processing attempts

SIEM Query:

source="application.log" AND ("segmentation fault" OR "null pointer") AND "icc"
