CVE-2026-21675

9.8 CRITICAL

📋 TL;DR

CVE-2026-21675 is a use-after-free vulnerability in iccDEV's CIccXform::Create() function that can lead to arbitrary code execution. This affects applications using iccDEV libraries for ICC color profile processing. Attackers could exploit this to compromise systems processing malicious color profiles.

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC color management
Versions: 2.3.1 and below
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable iccDEV versions is affected when processing ICC profiles.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crashes (denial of service) or limited code execution within the application context.

🟢 If Mitigated: Application crash without code execution if memory protections like ASLR are effective.

🌐 Internet-Facing: HIGH - Applications processing user-uploaded color profiles from the internet are directly exposed.
🏢 Internal Only: MEDIUM - Internal applications processing color profiles could be exploited via malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious ICC profile, but use-after-free vulnerabilities are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.1

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wcwx-794g-g78f

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.1 or later.
2. Recompile applications using iccDEV.
3. Restart affected services.

🔧 Temporary Workarounds

Disable ICC profile processing (applies to: all): Temporarily disable color profile processing in applications if not essential.

Input validation (applies to: all): Implement strict validation of ICC profile files before processing.

🧯 If You Can't Patch

  • Isolate systems using iccDEV behind network segmentation
  • Implement application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check linked libraries for iccDEV version ≤2.3.1 using ldd/otool/dependency walker

Check Version:

pkg-config --modversion iccdev (Linux) or check library version info

Verify Fix Applied:

Verify iccDEV version is ≥2.3.1.1 and applications have been recompiled
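The version check described above, as an added POSIX sh example (not part of the advisory and not iccDEV project code): it queries `pkg-config --modversion iccdev` when available, or takes a version string as its argument, and compares it against the fixed release 2.3.1.1 component by component, so that 2.3.1 (the highest affected version) is reported as vulnerable and 2.3.1.1 or later as fixed. The pkg-config module name is the one quoted on this page; the comparison handles dotted-numeric versions only and drops any suffix after the digits, which is the conservative direction for pre-release strings.

```shell
# Added example (not from the advisory or the iccDEV project): a POSIX sh check
# that an installed iccDEV version is at or above the fixed release 2.3.1.1.
# The pkg-config module name "iccdev" is the one the advisory quotes; the
# comparison is dotted-numeric only and drops any suffix after the digits.

FIXED_VERSION="2.3.1.1"

# version_lt A B -> status 0 if A sorts before B component by component;
# missing components count as 0, so 2.3.1 < 2.3.1.1 and 2.3.1.0 < 2.3.1.1.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; if [ "$ah" = "$a" ]; then a=""; else a="${a#*.}"; fi
        bh="${b%%.*}"; if [ "$bh" = "$b" ]; then b=""; else b="${b#*.}"; fi
        ah="${ah:-0}"; bh="${bh:-0}"
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
    done
    return 1
}

# is_vulnerable VERSION -> status 0 when VERSION predates the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_iccdev_version -> prints what pkg-config reports for the "iccdev"
# module, or nothing when pkg-config or the module is absent. Always returns 0.
installed_iccdev_version() {
    if command -v pkg-config >/dev/null 2>&1; then
        pkg-config --modversion iccdev 2>/dev/null || true
    fi
}

# check_iccdev [VERSION] -> prints a verdict. Status 0 = fixed, 1 = vulnerable,
# 2 = version could not be determined (inspect the linked library by hand).
check_iccdev() {
    v="${1:-$(installed_iccdev_version)}"
    if [ -z "$v" ]; then
        echo "iccDEV: version unknown (no 'iccdev' pkg-config module); check the linked library with ldd/otool"
        return 2
    fi
    if is_vulnerable "$v"; then
        echo "iccDEV $v: VULNERABLE (below $FIXED_VERSION); update and recompile dependent applications"
        return 1
    fi
    echo "iccDEV $v: fixed ($FIXED_VERSION or later)"
    return 0
}
```

Source the file and run `check_iccdev` with no argument to query pkg-config, or `check_iccdev 2.3.1` to test a version string taken from `ldd`/`otool` output. A fixed library reported by pkg-config still does not prove that statically linked or vendored copies were rebuilt, so pair the check with the recompile step in the fix instructions.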

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected process termination when processing color profiles

Network Indicators:

  • Unusual outbound connections from color management applications

SIEM Query:

Process: (name contains 'color' OR 'icc') AND EventID: 1000 (Application Crash)
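The SIEM rule above, applied to exported event lines as an added example (not part of the advisory): the filter keeps events with EventID 1000 whose process name contains "color" or "icc", case-insensitively. The sample events and the semicolon-separated layout `timestamp;event_id;process;message` are constructed for this example; real exports use other layouts, so adjust the field numbers for your SIEM.

```shell
# Added example (not from the advisory): apply the rule
# "process name contains 'color' or 'icc' AND EventID 1000" to event lines.
# Assumes a constructed, semicolon-separated export:
#   timestamp;event_id;process;message
# Real exports differ; adjust the awk field numbers accordingly.

# Constructed sample events (not real telemetry). Two of them should match.
SAMPLE_EVENTS='2026-01-10T09:12:01Z;1000;colorsync-agent.exe;Faulting module libiccdev.dll, exception code 0xc0000005
2026-01-10T09:12:44Z;4624;svchost.exe;An account was successfully logged on
2026-01-10T09:13:02Z;1000;explorer.exe;Faulting module shell32.dll
2026-01-10T09:15:30Z;1000;IccProfileTool;Faulting module libiccdev.so, exception code 0xc0000005
2026-01-10T09:16:00Z;1001;ColorPrint;Windows Error Reporting'

# match_icc_crashes: reads events on stdin, prints those matching the rule.
match_icc_crashes() {
    awk -F ';' '
        {
            proc = tolower($3)   # case-insensitive match on the process field
            if ($2 == "1000" && (index(proc, "color") > 0 || index(proc, "icc") > 0))
                print
        }'
}

# count_icc_crashes: prints how many of the sample events match.
count_icc_crashes() {
    printf '%s\n' "$SAMPLE_EVENTS" | match_icc_crashes | wc -l | tr -d ' '
}
```

Feed a real export into `match_icc_crashes` (for example `cat events.csv | match_icc_crashes`) after confirming the field order. A crash in a colour-management process is a weak signal on its own; treat a matching event as a prompt to collect the crashing file and the faulting module rather than as confirmation of exploitation.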
