CVE-2026-21673

7.8 HIGH

📋 TL;DR

This vulnerability is an integer overflow/underflow in the CIccXmlArrayType::ParseTextCountNum() function of the iccDEV library, which could allow memory corruption when processing malicious ICC color profiles. It affects applications that use iccDEV versions 2.3.1 and below for color management. Successful exploitation could lead to arbitrary code execution or application crashes.

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC color profile processing
Versions: 2.3.1 and below
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses iccDEV to parse ICC color profiles is vulnerable. The vulnerability is in the XML parsing component of the library.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application processing the ICC profile, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malformed ICC profiles, disrupting color management functionality.

🟢 If Mitigated

Limited impact with proper input validation and memory protections, potentially causing only application instability.

🌐 Internet-Facing: MEDIUM - Applications processing user-uploaded ICC profiles from untrusted sources could be exploited remotely.
🏢 Internal Only: LOW - Typically only affects internal color management workflows with trusted profile sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious ICC profile with specific XML content to trigger the overflow/underflow conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.1

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-g66g-f82c-vgm6

Restart Required: Yes

Instructions:

1. Identify applications using iccDEV
2. Update iccDEV library to version 2.3.1.1 or later
3. Rebuild applications if statically linked
4. Restart affected applications/services

🔧 Temporary Workarounds

Input Validation

all

Implement strict validation of ICC profile inputs before processing

Memory Protection

all

Enable ASLR and DEP/Stack Canaries where supported

🧯 If You Can't Patch

  • Restrict processing of ICC profiles to trusted sources only
  • Implement application-level sandboxing for color profile processing

🔍 How to Verify

Check if Vulnerable:

Check if applications link to iccDEV library version 2.3.1 or earlier using ldd (Linux) or dependency walker tools

Check Version:

Check library version in application dependencies or run: strings /path/to/libiccdev.so | grep 'iccDEV version'

Verify Fix Applied:

Verify that the iccDEV version is 2.3.1.1 or later, then test ICC profile processing with known profiles.
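
The version check above is easy to get wrong because the affected release (2.3.1) has fewer components than the fixed one (2.3.1.1), so plain string comparison misorders them. The following is an added example, not code from the advisory or the iccDEV project: the function names are hypothetical, and it assumes the version string has already been obtained by one of the methods above.

```shell
#!/bin/sh
# Added example: classify an iccDEV version string against the fixed release.
FIXED_VERSION="2.3.1.1"   # patch version stated in the advisory

# version_lt A B: succeeds (exit 0) when dotted version A is strictly older
# than B. Components are compared numerically, and a missing component
# counts as 0, so 2.3.1 is read as 2.3.1.0 and sorts before 2.3.1.1.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}                      # leading component of each version
        y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                            # versions are equal
}

# classify_iccdev_version VERSION: prints vulnerable, patched or unknown.
# Anything that is not purely dotted digits is reported as unknown rather
# than guessed, so pre-release or vendor-suffixed builds get a manual look.
classify_iccdev_version() {
    v=${1#v}                            # tolerate a leading "v" (tag style)
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo unknown
            return 2
            ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Usage when run directly: sh check_iccdev.sh 2.3.1
if [ $# -gt 0 ]; then classify_iccdev_version "$1"; fi
```
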

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing ICC profiles
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual ICC profile uploads to applications
  • Large or malformed ICC profile transfers

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "access violation" OR "iccdev")
