CVE-2026-21678

7.8 HIGH

📋 TL;DR

CVE-2026-21678 is a heap-buffer-overflow vulnerability in the IccTagXml() function of iccDEV, a library for ICC color management profiles. It allows attackers to potentially execute arbitrary code or cause denial-of-service by exploiting improper input validation. Users of iccDEV versions prior to 2.3.1.2 are affected.

💻 Affected Systems

Products:
  • iccDEV
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is installed (e.g., Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the core library function IccTagXml(), affecting any application using iccDEV for color profile processing.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or malware deployment.

🟠 Likely Case: Denial-of-service crashes or application instability due to memory corruption.

🟢 If Mitigated: Limited impact with proper input sanitization and memory protections, such as ASLR or DEP.

🌐 Internet-Facing: MEDIUM, as exploitation requires specific input to iccDEV functions, which may be exposed via web services or APIs handling color profiles.
🏢 Internal Only: LOW, as internal use typically involves trusted inputs and limited attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profile data to trigger the overflow, but no public proof-of-concept is available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9rp2-4c6g-hppf

Restart Required: Yes

Instructions:

1. Check the current iccDEV version.
2. Update to version 2.3.1.2 via package manager or manual compilation.
3. Restart any services or applications using iccDEV.

🔧 Temporary Workarounds

Input Validation (scope: all)

Implement strict validation of ICC profile inputs to reject malformed data before processing by iccDEV.

🧯 If You Can't Patch

  • Restrict access to iccDEV functions to trusted users and applications only.
  • Use memory protection mechanisms like ASLR and DEP to reduce exploit success.

🔍 How to Verify

Check if Vulnerable:

Check if iccDEV version is below 2.3.1.2 using the version check command.

Check Version:

iccdev --version or check package manager (e.g., dpkg -l iccdev on Debian).

Verify Fix Applied:

Confirm iccDEV version is 2.3.1.2 or higher and test with known safe ICC profiles.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults in logs related to iccDEV or color processing.

Network Indicators:

  • Unusual network traffic sending ICC profile files to vulnerable services.

SIEM Query:

Search for events where process name contains 'iccdev' and exit code indicates crash (e.g., SIGSEGV).
