CVE-2026-21499

5.5 MEDIUM

📋 TL;DR

CVE-2026-21499 is a NULL pointer dereference vulnerability in iccDEV's XML parser that can cause application crashes or denial of service. This affects systems using iccDEV libraries for ICC color profile processing prior to version 2.3.1.2. The vulnerability is triggered when parsing malformed XML input.

💻 Affected Systems

Products:
  • iccDEV library and tools
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default installations when XML parsing functionality is used.

📦 What is this software?

iccDEV is the International Color Consortium's open-source reference library and command-line tool set for creating, inspecting and converting ICC color profiles (the project behind the advisory URL below). Alongside the binary profile code it ships XML tooling that converts profiles to and from an XML representation; that XML parser is the component this advisory concerns.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash leading to denial of service, potentially disrupting color management workflows in critical systems.

🟠 Likely Case

Application crash or unexpected termination when iccDEV's XML parser is handed malformed XML (for example an XML-form profile description, which is what this code path reads rather than a binary .icc file).

🟢 If Mitigated

Patched builds are unaffected. Where untrusted XML is validated first, or the parser runs in an isolated worker process, a crash is contained to that worker and the service keeps running.

🌐 Internet-Facing: LOW - Requires processing of malicious ICC profile files, which is not typical for internet-facing services.
🏢 Internal Only: MEDIUM - Internal applications processing untrusted ICC profiles could experience crashes affecting workflow continuity.

🎯 Exploit Status

Public PoC: No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation only requires getting malformed XML in front of the vulnerable parser, which is straightforward for anyone who can submit files to the processing pipeline (an upload path, a shared folder, a mailed attachment). The outcome is a crash, not code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later.
2. Rebuild applications that link iccDEV statically; for shared-library use, replace the library on disk.
3. Restart affected services so the patched code is loaded.

🔧 Temporary Workarounds

Input validation for ICC profiles (all platforms)

Validate untrusted XML before it reaches iccDEV: enforce a size limit, reject input that is not well-formed, and drop anything carrying a DOCTYPE, so malformed documents never reach the vulnerable parser.

Disable XML parsing features (all platforms)

iccDEV's XML support is a separate library and tool set; if your deployment does not need the XML conversion path, build and ship without that component so the parser is not present at all.

🧯 If You Can't Patch

  • Run the XML parsing step in a separate, disposable worker process (or container) with a timeout, so a crash ends only that worker and the calling service keeps running
  • Restrict who and what can submit files to the processing pipeline (network segmentation, allow-listed sources)
  • Deploy application-level controls to block or sanitize ICC profile and XML uploads before they reach the parser
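The two mitigations above (validate the XML before iccDEV sees it, and contain any crash to a worker process) as an added example. This is not iccDEV project code and not from the advisory; it assumes the converter is invoked as an external command line (any path will do), and every sample input is constructed.

```python
"""Added example (not iccDEV project code): pre-validate untrusted XML before it
reaches iccDEV's XML tooling, and run the converter in a child process so a
NULL dereference in the parser cannot crash the calling service.

Assumptions (not from the advisory): the converter is a command-line program the
caller invokes (any path works); all sample inputs below are constructed.
"""
import signal
import subprocess
import sys
import xml.parsers.expat
from dataclasses import dataclass
from typing import List

MAX_XML_BYTES = 8 * 1024 * 1024  # size cap before any parsing (assumed limit)


@dataclass
class Verdict:
    accepted: bool
    reason: str


def prevalidate_xml(data: bytes) -> Verdict:
    """Reject oversized input, DOCTYPE-bearing input, and XML that is not
    well-formed. The stdlib expat parser in strict mode raises on any
    malformed document, so nothing half-parsed is passed on."""
    if len(data) > MAX_XML_BYTES:
        return Verdict(False, "oversized")
    if b"<!DOCTYPE" in data:  # checked before parsing: no entity expansion at all
        return Verdict(False, "DOCTYPE not allowed")
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse(data, True)  # True: this is the whole document
    except xml.parsers.expat.ExpatError as exc:
        return Verdict(False, f"not well-formed: {exc}")
    return Verdict(True, "ok")


def classify_exit(returncode: int) -> Verdict:
    """Map a child's return code to a verdict. On POSIX a negative code is the
    signal that killed the child; SIGSEGV is what a NULL dereference produces."""
    if returncode == 0:
        return Verdict(True, "ok")
    if returncode < 0:
        return Verdict(False, f"crashed with {signal.Signals(-returncode).name}")
    return Verdict(False, f"exit status {returncode}")


def run_isolated(cmd: List[str], timeout_s: float = 30.0) -> Verdict:
    """Run the converter as a separate process with a timeout. A crash ends the
    child only; the caller gets a verdict instead of dying with it."""
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return Verdict(False, "timeout")
    except FileNotFoundError:
        return Verdict(False, "converter not found")
    return classify_exit(proc.returncode)


def simulated_crash_cmd() -> List[str]:
    """Stand-in for a vulnerable converter (no iccDEV needed): a child Python
    process that raises SIGSEGV on itself, as the NULL dereference would."""
    return [sys.executable, "-c",
            "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]


if __name__ == "__main__":
    # Constructed samples, not real iccDEV profile XML.
    good = b'<?xml version="1.0"?><Profile><Header/></Profile>'
    truncated = b'<?xml version="1.0"?><Profile><Header>'
    for sample in (good, truncated):
        print(prevalidate_xml(sample))
    print(run_isolated(simulated_crash_cmd()))  # crashed with SIGSEGV, caller survives
```

In production, replace `simulated_crash_cmd()` with the real converter command and only call `run_isolated` after `prevalidate_xml` has accepted the input; the DOCTYPE check is done on the raw bytes so that no entity expansion happens in the pre-validator itself.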

🔍 How to Verify

Check if Vulnerable:

Find which iccDEV release your build links against: the git tag of the source checkout, the version recorded by your package or build system, or the library names reported by `ldd <application>` on Linux. Anything below 2.3.1.2 is affected.

Check Version:

cd /path/to/iccDEV && git describe --tags

Verify Fix Applied:

Confirm the version is 2.3.1.2 or later, rebuild and redeploy dependent applications, and re-run the malformed XML samples from your own test set against the updated tooling to confirm the process no longer crashes.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation fault errors
  • Unexpected process termination when processing ICC or XML input
  • Linux kernel segfault records ("segfault at 0 ...") naming an iccDEV tool or library; a faulting address of 0 or within the first page is the NULL dereference signature

Network Indicators:

  • Multiple failed file upload attempts to ICC processing endpoints

SIEM Query:

source="*icc*" AND ("segmentation fault" OR "segfault" OR "null pointer" OR "SIGSEGV")

The Linux kernel logs a process crash as "segfault at <address> ..." rather than "segmentation fault", so the query needs both spellings; "null pointer" only appears if the application itself logs it.
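The SIEM query above as code, run over constructed log lines, as an added example that is not from the advisory or the iccDEV project. Beyond the query's keywords it parses the Linux kernel segfault record and flags faulting addresses at or near 0, the NULL dereference signature. The process name, PID, addresses and library path in the samples are constructed.

```python
"""Added example (not from the advisory or the iccDEV project): the SIEM query
above as code, run over constructed log lines. It also parses the Linux kernel
segfault record, which says "segfault" (not "segmentation fault") and carries
the faulting address: an address at or near 0 is the signature of a NULL
pointer dereference rather than some other memory error.

Assumptions: syslog-style lines; the process name, PID, addresses and library
path in the samples are constructed.
"""
import re
from typing import Dict, List, Optional

# Linux kernel record: "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <object>"
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) in (?P<obj>\S+)",
    re.IGNORECASE,
)
# The advisory's query terms plus "segfault", the spelling the kernel uses.
KEYWORDS = ("segmentation fault", "segfault", "null pointer", "sigsegv")
FIRST_PAGE = 0x1000  # faults inside the first page = NULL (plus small offset) dereference


def classify(line: str) -> Optional[Dict]:
    """Return a finding for an ICC-related crash line, None otherwise."""
    lower = line.lower()
    if "icc" not in lower:  # the query's source="*icc*" filter
        return None
    if not any(k in lower for k in KEYWORDS):
        return None
    finding: Dict = {"line": line, "source": "keyword", "null_deref": False}
    m = SEGFAULT_RE.search(line)
    if m:  # kernel record: refine with process, object and fault address
        addr = int(m.group("addr"), 16)
        finding.update(
            source="kernel",
            process=m.group("comm"),
            pid=int(m.group("pid")),
            obj=m.group("obj"),
            fault_addr=addr,
            null_deref=addr < FIRST_PAGE,
        )
    return finding


def scan(lines: List[str]) -> List[Dict]:
    """Apply classify() to every line and keep the findings."""
    return [f for f in (classify(line) for line in lines) if f is not None]


# Constructed sample log (not captured from a real system).
SAMPLE_LOG = [
    "Jan 12 10:01:02 host kernel: IccFromXml[4242]: segfault at 0 ip 00007f1c2a3b4c5d "
    "sp 00007ffd3e4f5a60 error 4 in libIccXML.so.2[7f1c2a300000+80000]",
    "Jan 12 10:01:03 host colorsvc[311]: icc worker exited: Segmentation fault (core dumped)",
    "Jan 12 10:02:00 host kernel: browser[999]: segfault at 7f00deadbeef ip 000055aa11223344 "
    "sp 00007ffc00112233 error 4 in libfoo.so[55aa11000000+20000]",
    "Jan 12 10:03:00 host sshd[12]: Accepted publickey for alice from 10.0.0.5",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        kind = "null-deref" if f["null_deref"] else "crash"
        print(f["source"], kind, f["line"][:70])
```

The third sample is a crash in an unrelated process and is filtered out by the `*icc*` match; the second matches on keyword only, with no address to classify, which is the common case for application-level log lines.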

🔗 References