CVE-2026-21681

7.1 HIGH

📋 TL;DR

CVE-2026-21681 is an undefined-behavior bug in the iccDEV library (versions before 2.3.1.2) that is triggered while the library parses ICC color profiles. Depending on compiler, platform and memory layout, the outcome ranges from a crash to, potentially, arbitrary code execution. Any application or service that links iccDEV for color management is affected; an attacker needs only to get a crafted ICC profile processed by the vulnerable library.

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems that actually use iccDEV library for ICC profile processing. Many systems may not have this library installed.

📦 What is this software?

iccDEV is the International Color Consortium's open source C++ library and set of command-line tools for reading, writing, validating and applying ICC color profiles. It is developed at https://github.com/InternationalColorConsortium/iccDEV and is typically built from source or vendored into the applications that use it.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if the undefined behavior can be weaponized to execute arbitrary code.

🟠 Likely Case

Application crashes or denial of service when processing malicious or malformed ICC color profiles.

🟢 If Mitigated

Limited impact with proper input validation and sandboxing, potentially just crashes in isolated processes.

🌐 Internet-Facing: MEDIUM - Applications that accept user-uploaded ICC profiles can be attacked remotely, but only where the application actually hands those profiles to iccDEV for parsing.
🏢 Internal Only: LOW - Requires processing of ICC profiles, which is typically limited to specific graphics/design applications. Note that ICC profiles are also carried inside common file formats (JPEG APP2 segments, PNG iCCP chunks, TIFF and PDF), so any image or document pipeline that passes embedded profiles to iccDEV is in scope, not only dedicated color-management tools.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Undefined behavior does not have one fixed outcome: the same crafted profile may crash one build, be silently mishandled by another and corrupt memory in a third, depending on the compiler, optimization level, platform and memory layout. That unpredictability is why exploitation complexity is rated HIGH and why the advisory cannot rule out code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v4qq-v3c3-x62x

Restart Required: Yes

Instructions:

1. Identify applications using iccDEV, including vendored or statically linked copies of the library.
2. Update iccDEV to version 2.3.1.2 or later.
3. Rebuild applications that link iccDEV statically or build it from vendored sources.
4. Restart affected applications/services.

🔧 Temporary Workarounds

No known workarounds (applies to all affected versions). The advisory states that no workarounds are available; updating to 2.3.1.2 is the only fix.

🧯 If You Can't Patch

  • Isolate systems using iccDEV from untrusted networks
  • Implement strict input validation for ICC profile files before processing (structural checks on the header, declared size and tag table; this is defense in depth and does not address the underlying bug)
  • Run the component that parses profiles in a separate, sandboxed, low-privilege process so that a crash or memory corruption is contained rather than taking down the whole service
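The following is an added example of the kind of structural pre-validation the bullet above refers to; it is not code from iccDEV, the advisory, or the ICC. It enforces only the public ICC container layout (128-byte header, 'acsp' signature at offset 36, declared size, tag count at offset 128, 12-byte tag table entries whose data lies inside the profile). It does not know the specific defect behind CVE-2026-21681 and is not a substitute for the patch. The size cap and the sample profile built by build_profile() are assumptions and constructed test data.

```python
"""Structural sanity check for ICC profile bytes before they reach iccDEV.

Added example (defense in depth), not part of iccDEV or the advisory.
"""
import struct
from typing import Dict, List, Optional, Tuple

HEADER_SIZE = 128          # fixed ICC header length
TAG_ENTRY_SIZE = 12        # signature(4) + offset(4) + size(4), big-endian
MAX_PROFILE_SIZE = 16 * 1024 * 1024  # policy cap, an assumption; real profiles are far smaller


class InvalidProfile(ValueError):
    """Raised when the container layout is inconsistent with its own header."""


def validate_icc(data: bytes) -> Dict:
    """Return basic facts about the profile or raise InvalidProfile."""
    n = len(data)
    if n < HEADER_SIZE + 4:
        raise InvalidProfile("shorter than header plus tag count")
    if n > MAX_PROFILE_SIZE:
        raise InvalidProfile("exceeds size cap")
    (declared,) = struct.unpack_from(">I", data, 0)
    if declared != n:  # strict; relax to declared <= n if your pipeline appends trailers
        raise InvalidProfile(f"header size {declared} != actual {n}")
    if data[36:40] != b"acsp":
        raise InvalidProfile("missing 'acsp' signature at offset 36")
    version_major = data[8]
    (tag_count,) = struct.unpack_from(">I", data, HEADER_SIZE)
    # Python cannot overflow here, but this bound is exactly what a C/C++ parser
    # must establish before trusting an attacker-controlled tag_count.
    table_end = HEADER_SIZE + 4 + tag_count * TAG_ENTRY_SIZE
    if table_end > n:
        raise InvalidProfile(f"tag table ({tag_count} entries) runs past end of profile")
    tags: Dict[bytes, Tuple[int, int]] = {}
    for i in range(tag_count):
        sig, off, size = struct.unpack_from(">4sII", data, HEADER_SIZE + 4 + i * TAG_ENTRY_SIZE)
        # written as two comparisons so the same check is overflow-safe in C
        if off < table_end or off > n or size > n - off:
            raise InvalidProfile(f"tag {sig!r} data [{off}, {off + size}) outside profile")
        if off % 4:
            raise InvalidProfile(f"tag {sig!r} offset {off} not 4-byte aligned")
        tags[sig] = (off, size)
    return {"version": version_major, "tag_count": tag_count, "tags": tags}


def validation_error(data: bytes) -> Optional[str]:
    """Convenience wrapper: None if the profile passes, otherwise the reason."""
    try:
        validate_icc(data)
        return None
    except InvalidProfile as e:
        return str(e)


def build_profile(tags: List[Tuple[bytes, bytes]]) -> bytes:
    """Construct a minimal, well-formed container (constructed test data, not a real profile)."""
    header = bytearray(HEADER_SIZE)
    header[8] = 4                      # major version 4
    header[36:40] = b"acsp"
    table_end = HEADER_SIZE + 4 + TAG_ENTRY_SIZE * len(tags)
    body, entries = bytearray(), []
    for sig, payload in tags:
        entries.append((sig, table_end + len(body), len(payload)))
        body += payload
        body += b"\0" * (-len(body) % 4)   # keep the next tag 4-byte aligned
    out = header + struct.pack(">I", len(tags))
    for sig, off, size in entries:
        out += struct.pack(">4sII", sig, off, size)
    out += body
    struct.pack_into(">I", out, 0, len(out))  # declared size = actual size
    return bytes(out)


if __name__ == "__main__":
    good = build_profile([(b"desc", b"mluc" + b"\0" * 12), (b"wtpt", b"XYZ " + b"\0" * 16)])
    print("good profile:", validate_icc(good))
    bad = good[:HEADER_SIZE] + b"\xff\xff\xff\xff" + good[HEADER_SIZE + 4:]
    print("huge tag count:", validation_error(bad))
```

Run the check on bytes taken from uploads or extracted from embedded profiles, and reject anything that fails before calling into the library. A profile that passes is merely structurally consistent, not safe: the check buys you only the ability to discard obviously malformed input and to log attempts.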

🔍 How to Verify

Check if Vulnerable:

Determine which iccDEV version each application uses. iccDEV is usually built from source or vendored rather than installed as a distribution package, and its command-line tools (iccDumpProfile and friends) are separate binaries rather than a single iccdev command, so the first part of the command below will normally fail silently and fall through to the package-manager queries. For a statically linked or vendored copy, check the version string recorded in the iccDEV sources your build used.

Check Version:

iccdev --version 2>/dev/null || dpkg -l | grep iccdev || rpm -qa | grep iccdev

Verify Fix Applied:

Confirm iccDEV version is 2.3.1.2 or later
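An added example (not from the advisory or the iccDEV project) that performs the version comparison above correctly. The fixed version 2.3.1.2 comes from the advisory; the package names queried by installed_version() are assumptions, since there is no standard distribution package name and a vendored or statically linked copy will not appear in any package database. The point worth seeing is that version strings must be compared component by component: as strings, "2.3.1.10" sorts before "2.3.1.2", which would mark a fixed build as vulnerable.

```python
"""Decide whether an iccDEV version carries the CVE-2026-21681 fix.

Added example; not code from the advisory or the iccDEV project.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "2.3.1.2"  # first fixed release per the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.3.1.2', 'v2.3.1.10' or '2.3.1.2-1ubuntu1' into a tuple of ints.

    Only the leading dotted-numeric part is used; packaging suffixes are ignored
    (pre-release markers such as '~rc1' are not interpreted either).
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_ge(a: str, b: str) -> bool:
    """True if version a is at least version b (missing components count as 0)."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    return ta + (0,) * (width - len(ta)) >= tb + (0,) * (width - len(tb))


def is_fixed(installed: str) -> bool:
    """True if the given iccDEV version is 2.3.1.2 or later."""
    return version_ge(installed, FIXED_VERSION)


def installed_version(package_names=("iccdev", "libiccdev")) -> Optional[str]:
    """Best-effort lookup through dpkg-query or rpm; None if nothing is found.

    The package names are assumptions and will differ per distribution.
    """
    queries = []
    if shutil.which("dpkg-query"):
        queries += [["dpkg-query", "-W", "-f=${Version}", p] for p in package_names]
    if shutil.which("rpm"):
        queries += [["rpm", "-q", "--qf", "%{VERSION}", p] for p in package_names]
    for cmd in queries:
        r = subprocess.run(cmd, capture_output=True, text=True)
        if r.returncode == 0 and r.stdout.strip():
            return r.stdout.strip()
    return None


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print("iccDEV not found via dpkg/rpm; inspect vendored or static copies by hand")
    else:
        state = "fixed" if is_fixed(v) else "VULNERABLE (CVE-2026-21681)"
        print(f"iccDEV {v}: {state}")
```

For applications that embed iccDEV, feed is_fixed() the version string from the vendored sources or from your build manifest instead of relying on installed_version().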

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing ICC profiles
  • Segmentation faults in color management processes

Network Indicators:

  • Unusual ICC profile uploads to applications
  • Multiple failed ICC processing attempts

SIEM Query (adjust field names to your platform):

source="application_logs" AND ("segmentation fault" OR "SIGSEGV") AND process="*icc*"

On Linux hosts the kernel's segfault report and systemd-coredump's summary carry the crashing process name and the faulting shared object inside the message text rather than in a separate process field, and the library can be loaded into a process whose name says nothing about ICC. Match on the message body (the process name or the faulting object containing "icc") as well as on the process field.
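An added example of the detection logic behind the query above, run over constructed log lines; it is not from the advisory or from any vendor. The lines imitate the Linux kernel's "segfault at" report and systemd-coredump's "dumped core" summary. Host names, process names and the library file name in them are assumptions made up for the sample.

```python
"""Flag hosts with repeated crashes of ICC-profile-handling processes.

Added example; the log lines are constructed, not captured from a real system.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Linux kernel: "<proc>[<pid>]: segfault at <addr> ip ... sp ... error <n> in <object>[...]"
KERNEL_SEGV = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: .*?"
    r"(?P<proc>[\w.\-+]+)\[(?P<pid>\d+)\]: segfault at \S+ .* in (?P<obj>[\w.\-+]+)"
)
# systemd-coredump: "Process <pid> (<comm>) of user <uid> dumped core."
COREDUMP = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) systemd-coredump\[\d+\]: "
    r"Process (?P<pid>\d+) \((?P<proc>[^)]+)\) of user \d+ dumped core"
)
ICC_HINT = re.compile(r"icc", re.IGNORECASE)

# Constructed sample (assumed host, process and library names).
SAMPLE_LOG = """\
Jan 14 09:12:01 render-01 kernel: [81234.120] iccDumpProfile[4112]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd5e4c2a40 error 4 in libIccProfLib2.so.2[7f3a1c250000+120000]
Jan 14 09:12:02 render-01 systemd-coredump[4120]: Process 4112 (iccDumpProfile) of user 1000 dumped core.
Jan 14 09:15:33 render-01 kernel: [81446.003] worker[4301]: segfault at 18 ip 00005643aa11b2c0 sp 00007ffc12ab3d10 error 6 in libIccProfLib2.so.2[7f9c0a120000+120000]
Jan 14 09:20:10 web-07 kernel: [1200.500] nginx[2210]: segfault at 0 ip 000055a0c4b1e2f0 sp 00007ffe9b1c0a60 error 4 in nginx[55a0c4a00000+200000]
Jan 14 09:21:45 render-01 systemd-coredump[4402]: Process 4388 (iccApplyProfiles) of user 1000 dumped core.
Jan 14 09:30:00 render-02 kernel: [400.111] iccToXml[990]: segfault at 8 ip 00007f00deadbeef sp 00007ffd00000000 error 4 in libIccProfLib2.so.2[7f00dea00000+120000]
"""


def parse_crash(line: str) -> Optional[Dict[str, str]]:
    """Return the crash event fields (ts, host, proc, pid, obj) or None for other lines."""
    for rx in (KERNEL_SEGV, COREDUMP):
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev.setdefault("obj", "")  # coredump lines name no faulting object
            return ev
    return None


def is_icc_related(ev: Dict[str, str]) -> bool:
    """Match the process name OR the faulting object: a generic worker that has
    loaded the ICC library crashes with a name that says nothing about ICC."""
    return bool(ICC_HINT.search(ev["proc"]) or ICC_HINT.search(ev["obj"]))


def summarize(lines: List[str], threshold: int = 3) -> Tuple[Dict[str, int], List[str]]:
    """Count ICC-related crashes per host; return the counts and hosts at or over threshold."""
    counts: Dict[str, int] = defaultdict(int)
    for line in lines:
        ev = parse_crash(line)
        if ev and is_icc_related(ev):
            counts[ev["host"]] += 1
    alerts = sorted(h for h, c in counts.items() if c >= threshold)
    return dict(counts), alerts


if __name__ == "__main__":
    counts, alerts = summarize(SAMPLE_LOG.splitlines())
    print("crashes per host:", counts)
    print("hosts over threshold:", alerts)
```

A single crash is usually a bug report; several on the same host within minutes, especially in a process that has just handled an uploaded or embedded profile, is what should page someone. Pair the host count with the upload log so the triggering file can be pulled for analysis.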

🔗 References

  • GitHub Security Advisory GHSA-v4qq-v3c3-x62x (iccDEV): https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v4qq-v3c3-x62x