CVE-2026-21684

7.1 HIGH

📋 TL;DR

This vulnerability involves undefined behavior in the CIccTagSpectralViewingConditions() function of the iccDEV library, which could lead to crashes, memory corruption, or potential code execution when processing malicious ICC color profiles. It affects all users of iccDEV library versions prior to 2.3.1.2 who process ICC color profiles from untrusted sources.

💻 Affected Systems

Products:
  • iccDEV library
  • Any software using iccDEV library
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable iccDEV versions is affected when processing ICC profiles.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise if an attacker can supply malicious ICC profiles and trigger the undefined behavior to achieve memory corruption.

🟠 Likely Case: Application crashes or denial of service when processing malformed ICC profiles, potentially disrupting color management workflows.

🟢 If Mitigated: Limited impact if only trusted ICC profiles are processed and proper input validation/sandboxing is implemented.

🌐 Internet-Facing: MEDIUM - Applications that accept ICC profiles from external users (like image upload features) could be exploited remotely.
🏢 Internal Only: LOW - Internal systems processing only trusted ICC profiles face minimal risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires crafting malicious ICC profiles and triggering the specific undefined behavior, which may be complex.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279

Restart Required: Yes

Instructions:

1. Update the iccDEV library to version 2.3.1.2 or later.
2. Recompile any applications using iccDEV against the updated library.
3. Restart affected applications/services.

🧯 If You Can't Patch

  • Restrict processing of ICC profiles to trusted sources only.
  • Implement application sandboxing/containerization to limit potential impact.

🔍 How to Verify

Check if Vulnerable:

Check the iccDEV version linked into your applications, or the version of the installed iccDEV library.

Check Version:

Inspect the library files or query your package manager (e.g., on Linux: `ldconfig -p | grep iccDEV`), or examine the application's build configuration.

Verify Fix Applied:

Confirm that the iccDEV version is 2.3.1.2 or later and that applications have been recompiled against the updated library.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing ICC files
  • Memory access violation errors in logs

Network Indicators:

  • Unusual ICC profile uploads to applications

SIEM Query:

Search application crash logs for 'iccDEV', 'CIccTagSpectralViewingConditions', or memory access violation errors.
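A small triage helper, added here as an example and not part of the advisory, covering both the version check and the SIEM search above: it compares a reported iccDEV version numerically against 2.3.1.2 and flags log lines that match the listed indicators. The log lines and the `imgsvc` service name are constructed, and the version string is assumed to be dotted numerics (optionally with a `v` prefix or a distro suffix).

```python
import re

# First fixed release named in the advisory.
FIXED_VERSION = (2, 3, 1, 2)

def parse_version(text):
    """Turn '2.3.1.1' (optionally 'v'-prefixed or with a distro suffix) into a tuple of ints."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to four components so '2.3.1' compares as 2.3.1.0 rather than as a shorter tuple.
    return parts + (0,) * (4 - len(parts))

def is_vulnerable(version_text):
    """True when the reported iccDEV version is older than 2.3.1.2 (numeric, not string, order)."""
    return parse_version(version_text) < FIXED_VERSION

# Indicators from the Detection & Monitoring section, plus common memory-violation wording.
INDICATORS = {
    "iccDEV": re.compile(r"iccDEV", re.I),
    "CIccTagSpectralViewingConditions": re.compile(r"CIccTagSpectralViewingConditions"),
    "memory violation": re.compile(
        r"segfault|segmentation fault|SIGSEGV|access violation|heap-buffer-overflow", re.I
    ),
}

def flag_log_lines(lines):
    """Return (line, [indicator names]) for each line that matches at least one indicator."""
    hits = []
    for line in lines:
        matched = [name for name, pat in INDICATORS.items() if pat.search(line)]
        if matched:
            hits.append((line, matched))
    return hits

# Constructed sample log lines for a hypothetical 'imgsvc' service; not from any real system.
SAMPLE_LOG = [
    "2026-01-10T09:12:44Z imgsvc[2231]: loaded profile upload_1187.icc (iccDEV 2.3.1.1)",
    "2026-01-10T09:12:45Z imgsvc[2231]: ASAN: heap-buffer-overflow in CIccTagSpectralViewingConditions",
    "2026-01-10T09:12:45Z kernel: imgsvc[2231]: segfault at 0000000000000010 ip 00007f3a1c2b4e60",
    "2026-01-10T09:13:02Z imgsvc[2232]: loaded profile sRGB.icc OK",
]

if __name__ == "__main__":
    for v in ("2.3.1.1", "2.3.1.2", "2.10.0"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
    for line, names in flag_log_lines(SAMPLE_LOG):
        print(", ".join(names), "->", line)
```

The numeric comparison matters because a plain string compare would rank 2.10.0 below 2.3.1.2 and report a fixed build as vulnerable.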
