CVE-2026-21500

5.5 MEDIUM

📋 TL;DR

CVE-2026-21500 is a stack overflow vulnerability in iccDEV's XML calculator macro expansion that could allow attackers to execute arbitrary code or cause denial of service. This affects all systems using iccDEV libraries or tools for ICC color management profile manipulation. The vulnerability exists in versions prior to 2.3.1.2.

💻 Affected Systems

Products:
  • iccDEV libraries and tools
Versions: All versions < 2.3.1.2
Operating Systems: All platforms running iccDEV
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing XML calculator macros in ICC profiles

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation

🟠 Likely Case: Application crash or denial of service affecting color management functionality

🟢 If Mitigated: Contained application crash with no system-level impact if proper sandboxing exists

🌐 Internet-Facing: MEDIUM - Requires specific XML input processing, not directly network-exposed by default
🏢 Internal Only: MEDIUM - Could be exploited via malicious ICC profiles or XML inputs in internal workflows

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious XML calculator macros in ICC profiles

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4h4j-mm9w-2cp4

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later
2. Rebuild any applications using iccDEV libraries
3. Restart affected services

🔧 Temporary Workarounds

Input validation for ICC profiles (all platforms): Implement strict validation of XML calculator macros in ICC profiles before processing

Sandbox iccDEV processing (all platforms): Run iccDEV operations in isolated containers or sandboxed environments

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using iccDEV
  • Monitor for abnormal process crashes or memory usage in iccDEV applications

🔍 How to Verify

Check if Vulnerable:

Check iccDEV version using 'iccdev --version' or examine package manager output

Check Version:

iccdev --version

Verify Fix Applied:

Confirm version is 2.3.1.2 or higher and test with known safe ICC profiles

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in iccDEV processes
  • Abnormal memory usage patterns
  • Repeated process crashes

Network Indicators:

  • Unusual ICC profile uploads to applications using iccDEV

SIEM Query:

process_name:iccdev AND (event_type:crash OR memory_usage > threshold)
