CVE-2026-21503

6.1 MEDIUM

📋 TL;DR

This vulnerability in iccDEV allows attackers to trigger undefined behavior through a null pointer that is passed to memcpy() in CIccTagSparseMatrixArray. This can lead to crashes, memory corruption, or potentially arbitrary code execution. Anyone using iccDEV libraries or tools for ICC color management profile processing is affected.

💻 Affected Systems

Products:
  • iccDEV libraries and tools
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using iccDEV for ICC profile processing is vulnerable when handling untrusted input.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crash or denial of service due to memory corruption, potentially causing data loss in color processing workflows.

🟢 If Mitigated: Controlled crash with minimal impact if proper memory protections and sandboxing are implemented.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing malicious ICC profiles, which could be delivered via web uploads or email attachments.
🏢 Internal Only: MEDIUM - Internal users could exploit via malicious documents or images, but requires user interaction or automated processing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profiles and getting them processed by vulnerable software. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h554-qrfh-53gx

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later.
2. Recompile any applications using iccDEV libraries.
3. Restart affected services or applications.

🔧 Temporary Workarounds

  • Input validation and sanitization (applies to: all) - Implement strict validation of ICC profile inputs before processing
  • Memory protection controls (applies to: all) - Enable ASLR, DEP, and other memory protection mechanisms

🧯 If You Can't Patch

  • Isolate systems using iccDEV in network segments with restricted access
  • Implement application allowlisting to prevent execution of untrusted ICC processing

🔍 How to Verify

Check if Vulnerable:

Check if iccDEV version is below 2.3.1.2 in installed packages or linked libraries

Check Version:

Run iccdev --version, or check the package manager (apt list iccdev, yum list iccdev, etc.)

Verify Fix Applied:

Verify iccDEV version is 2.3.1.2 or higher and test with known safe ICC profiles

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors
  • Unexpected termination of ICC processing applications

Network Indicators:

  • Unusual uploads of ICC profile files
  • Multiple failed processing attempts

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "access violation" OR "null pointer") AND process="*icc*"
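The SIEM query above can be reproduced outside a SIEM for testing or for log sources that are not yet ingested. The following is an added example, not code from the advisory or from the iccDEV project: it parses key=value log lines (an assumed format; real log formats vary), applies the same three conditions as the query (source is application_logs, process name matches *icc*, message contains one of the crash keywords), and additionally counts hits per process so that repeated crashes, the "multiple failed processing attempts" indicator, can be flagged above a threshold. All log lines and process names below are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Crash keywords from the advisory's SIEM query (matched case-insensitively).
KEYWORDS = ("segmentation fault", "access violation", "null pointer")


@dataclass
class LogEvent:
    source: str
    process: str
    message: str


# Constructed sample log lines in an assumed key=value format.
# Process names are placeholders, not real iccDEV tool names.
SAMPLE_LOGS = [
    'source=application_logs process=icc_apply msg="segmentation fault (core dumped)"',
    'source=application_logs process=icc_dump msg="null pointer passed to memcpy"',
    'source=application_logs process=nginx msg="segmentation fault in worker"',
    'source=application_logs process=icc_convert msg="profile written successfully"',
    'source=auth_logs process=icc_tool msg="access violation"',
    'source=application_logs process=icc_apply msg="access violation reading 0x0"',
]

# key=value pairs; the value is either a double-quoted string or a bare token.
_KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line: str) -> LogEvent:
    """Extract source, process and msg fields from one log line."""
    fields = {}
    for m in _KV.finditer(line):
        # group(3) is the unquoted content when the value was quoted,
        # otherwise group(2) is the bare token.
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return LogEvent(
        source=fields.get("source", ""),
        process=fields.get("process", ""),
        message=fields.get("msg", ""),
    )


def matches_query(event: LogEvent) -> bool:
    """Mirror the advisory's SIEM query:
    source="application_logs" AND (crash keyword) AND process="*icc*"."""
    if event.source != "application_logs":
        return False
    if "icc" not in event.process.lower():  # wildcard *icc* match
        return False
    msg = event.message.lower()
    return any(keyword in msg for keyword in KEYWORDS)


def find_hits(lines):
    """Return the parsed events that match the query, in input order."""
    return [ev for ev in map(parse_line, lines) if matches_query(ev)]


def repeated_crashers(lines, threshold: int = 2):
    """Processes with at least `threshold` matching events: a simple way to
    surface the 'multiple failed processing attempts' indicator."""
    counts = Counter(ev.process for ev in find_hits(lines))
    return {proc: n for proc, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ev in find_hits(SAMPLE_LOGS):
        print(f"HIT  {ev.process}: {ev.message}")
    print("repeated:", repeated_crashers(SAMPLE_LOGS))
```

The match is deliberately substring-based to stay faithful to the query; in production you would normally tighten the process filter to the exact binaries that link iccDEV, since "*icc*" will also match unrelated process names.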
