CVE-2026-21506

5.5 MEDIUM

📋 TL;DR

This CVE describes a null pointer dereference in the CIccProfileXml::ParseBasic() function of iccDEV's IccXML component, the code that turns an XML description of an ICC profile into a binary profile (the path used by the iccFromXml tool). A crafted or malformed XML profile input crashes the process, giving an attacker a denial of service against any application or build pipeline that runs iccDEV's XML profile parser on untrusted data. It affects any software that uses iccDEV for color management and exposes this parsing path.

💻 Affected Systems

Products:
  • iccDEV library and any software using iccDEV for ICC color profile management
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability triggers when iccDEV parses a malformed XML profile description through CIccProfileXml (the XML-to-ICC conversion path), not when it loads an already-binary .icc file.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to denial of service for color management functionality, potentially disrupting workflows in design, printing, or imaging applications.

🟠

Likely Case

Application instability or crashes when processing malformed ICC color profiles, requiring restart of affected applications.

🟢

If Mitigated

Minimal impact with proper input validation and updated libraries; applications continue functioning normally.

🌐 Internet-Facing: LOW - This requires processing of malicious ICC profiles, which typically requires user interaction or specific workflows rather than direct internet exposure.
🏢 Internal Only: MEDIUM - Internal applications processing untrusted ICC profiles could experience crashes, but requires specific workflow conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires providing malformed ICC profile data to vulnerable parsing function.

Exploitation requires ability to supply ICC profile data to vulnerable applications, typically through file uploads or processing workflows.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wfm7-m548-x4vp

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later.
2. Rebuild any applications that link iccDEV libraries.
3. Restart applications using the updated libraries.

🔧 Temporary Workarounds

Input validation for ICC profiles (applies to: all platforms)

Validate XML profile inputs before they reach iccDEV: enforce a size limit, check well-formedness with a hardened XML parser, and reject documents whose structure is not an ICC profile description. This reduces exposure but is not a complete defense, because a well-formed document can still exercise the null dereference.

Disable XML profile parsing (applies to: all platforms)

If the XML-to-ICC conversion path (the IccXML library and the iccFromXml tool) is not required, do not expose it to untrusted input; binary profile loading does not go through CIccProfileXml.

🧯 If You Can't Patch

  • Implement strict input validation for all ICC profile files
  • Isolate color profile processing to dedicated systems with limited impact if crashes occur
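The two "can't patch" controls above, pre-screening the XML and running the parser where a crash is contained, as an added example; this is not iccDEV's own code. It assumes an XML profile document uses an IccProfile root element with a Header child (an assumption about the iccXML format, not taken from the advisory) and that the converter is invoked as `iccFromXml <in.xml> <out.icc>`; the crash used in the demo is simulated with a child Python process that sends itself SIGSEGV.

```python
"""Pre-screen XML profile input and isolate the parser (added example, not iccDEV code)."""
import os
import signal
import subprocess
import sys
import tempfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List

MAX_XML_BYTES = 16 * 1024 * 1024      # assumption: cap upload size before parsing
ICC_XML_ROOT = "IccProfile"           # assumption about the iccXML root element
ICC_XML_HEADER = "Header"             # assumption about the required header child
CONVERTER = ["iccFromXml"]            # assumption: iccDEV's XML-to-ICC tool on PATH

# Constructed stand-in for a crashing parser: a child that dies with SIGSEGV.
CRASH_SNIPPET = "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"


@dataclass
class ScreenResult:
    accepted: bool
    reason: str


def screen_icc_xml(data: bytes) -> ScreenResult:
    """Cheap structural checks; rejects junk before it reaches iccDEV.

    ElementTree does not fetch external entities, but for production use a
    hardened parser (e.g. defusedxml) to also cover entity-expansion attacks."""
    if len(data) > MAX_XML_BYTES:
        return ScreenResult(False, "oversized input")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ScreenResult(False, f"not well-formed XML: {exc}")
    if root.tag != ICC_XML_ROOT:
        return ScreenResult(False, f"unexpected root element <{root.tag}>")
    if root.find(ICC_XML_HEADER) is None:
        return ScreenResult(False, f"missing <{ICC_XML_HEADER}> element")
    return ScreenResult(True, "ok")


def run_isolated(cmd: List[str], timeout_s: float = 30.0) -> ScreenResult:
    """Run the parser in a child process so a null dereference only kills the child.

    A negative return code means the child died from a signal (e.g. -11 = SIGSEGV)."""
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return ScreenResult(False, "parser timed out")
    except FileNotFoundError:
        return ScreenResult(False, f"command not found: {cmd[0]}")
    if proc.returncode < 0:
        return ScreenResult(False, f"parser died with {signal.Signals(-proc.returncode).name}")
    if proc.returncode != 0:
        return ScreenResult(False, f"parser exit status {proc.returncode}")
    return ScreenResult(True, "ok")


def convert_untrusted(data: bytes) -> ScreenResult:
    """Screen, then convert in isolation; a crash is reported as a rejected input."""
    screened = screen_icc_xml(data)
    if not screened.accepted:
        return screened
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "profile.xml")
        dst = os.path.join(tmp, "profile.icc")
        with open(src, "wb") as fh:
            fh.write(data)
        return run_isolated(CONVERTER + [src, dst])


def demo() -> Dict[str, ScreenResult]:
    """Constructed inputs exercising each rejection path plus a simulated crash."""
    ok_xml = b"<IccProfile><Header><ProfileVersion>4.40</ProfileVersion></Header><Tags/></IccProfile>"
    return {
        "valid": screen_icc_xml(ok_xml),
        "no_header": screen_icc_xml(b"<IccProfile/>"),
        "truncated": screen_icc_xml(b"<IccProfile><Header>"),
        "wrong_root": screen_icc_xml(b"<html/>"),
        "healthy_child": run_isolated([sys.executable, "-c", "pass"]),
        "crashing_child": run_isolated([sys.executable, "-c", CRASH_SNIPPET]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} accepted={result.accepted} reason={result.reason}")
```

The isolation wrapper is the part that actually neutralizes the denial of service: the converter still crashes on a triggering input, but the crash is confined to a throwaway child process and surfaces as a rejected upload rather than a dead service.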

🔍 How to Verify

Check if Vulnerable:

Check iccDEV version in use; versions below 2.3.1.2 are vulnerable

Check Version:

Check library version or consult application documentation for iccDEV version information

Verify Fix Applied:

Verify that the iccDEV version in use is 2.3.1.2 or later, and, in an isolated test environment, confirm that malformed XML profile inputs are rejected with an error rather than crashing the process.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults when processing ICC profiles
  • Error messages related to CIccProfileXml::ParseBasic()

Network Indicators:

  • Unusual ICC profile file transfers to applications using iccDEV

SIEM Query:

Application logs containing 'segmentation fault', 'null pointer', or 'CIccProfileXml' during ICC profile processing
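The detection logic above, run over constructed log lines, as an added example that is not part of the original page. Besides the page's keywords it parses the Linux kernel segfault report and treats a fault address below the first page as a null dereference signature, and it adds the systemd `status=11/SEGV` marker as an extra indicator; the process name iccFromXml and the library name libIccXML.so in the samples are assumptions about how an iccDEV deployment would appear in logs.

```python
"""Triage log lines for CVE-2026-21506 crash indicators (added example)."""
import re
from typing import Dict, List, Optional

# Linux kernel report: "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <object>[...]"
KERNEL_SEGFAULT = re.compile(
    r"(?P<comm>[\w.\-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) in (?P<obj>[^\s\[]+)"
)
# The page's keywords plus the systemd kill-signal marker (added here as an assumption).
KEYWORDS = re.compile(r"segmentation fault|null pointer|CIccProfileXml|\bSEGV\b", re.IGNORECASE)
NULL_PAGE = 0x1000  # faults below the first page are the classic null-deref signature


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return an indicator record for a matching line, or None."""
    m = KERNEL_SEGFAULT.search(line)
    if m:
        addr = int(m.group("addr"), 16)
        return {
            "kind": "null_deref" if addr < NULL_PAGE else "segfault",
            "process": m.group("comm"),
            "object": m.group("obj"),
        }
    if KEYWORDS.search(line):
        return {"kind": "keyword", "process": "", "object": ""}
    return None


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Collect every line that carries one of the indicators."""
    hits = []
    for line in lines:
        rec = classify(line)
        if rec is not None:
            rec["line"] = line
            hits.append(rec)
    return hits


# Constructed sample log; names and addresses are illustrative only.
SAMPLE_LOG = [
    "Mar  3 10:12:41 build01 kernel: iccFromXml[4121]: segfault at 0 ip 00007f2a1c0e3f10 "
    "sp 00007ffd2a1c4e60 error 4 in libIccXML.so[7f2a1c0d0000+80000]",
    "Mar  3 10:12:41 build01 systemd[1]: icc-convert.service: Main process exited, "
    "code=killed, status=11/SEGV",
    "Mar  3 10:13:02 build01 colorsvc[902]: worker crashed in CIccProfileXml::ParseBasic() "
    "while importing upload 7f3c.xml",
    "Mar  3 10:13:05 build01 sshd[1200]: Accepted publickey for deploy from 10.0.0.5",
    "Mar  3 10:14:00 build01 kernel: chrome[5000]: segfault at 7f00deadbeef ip 00007f00deadbe00 "
    "sp 00007ffd00000000 error 4 in libc.so.6[7f00dead0000+1c0000]",
]


def null_deref_hits(lines: List[str]) -> List[str]:
    """Names of processes whose kernel segfault report points at the null page."""
    return [h["process"] for h in triage(lines) if h["kind"] == "null_deref"]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["kind"]:10s} {hit["process"]:12s} {hit["line"][:80]}')
```

The fault-address check is the useful refinement over a plain keyword search: a segfault in an iccDEV process at an address near zero is consistent with this bug, while a high fault address in some unrelated binary is noise that a keyword-only rule would either miss or mis-attribute.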

🔗 References
