CVE-2026-21690

6.3 MEDIUM

📋 TL;DR

CVE-2026-21690 is a type confusion vulnerability in iccDEV's CIccTagXmlTagData::ToXml() function that could allow memory corruption when processing malicious ICC color profiles. This affects applications using iccDEV libraries for color management. Successful exploitation could lead to crashes or arbitrary code execution.

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing ICC profiles through the affected ToXml() function.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if the vulnerable library processes attacker-controlled ICC profiles.

🟠 Likely Case

Application crashes (denial of service) when processing malformed ICC profiles, potentially disrupting color management functionality.

🟢 If Mitigated

Limited impact with proper input validation and sandboxing, potentially only causing application instability.

🌐 Internet-Facing: MEDIUM - Applications processing user-uploaded ICC profiles from web interfaces could be exploited remotely.
🏢 Internal Only: LOW - Typically requires local file access or specific application integration to trigger.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profiles and triggering the vulnerable function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-2f26-vh48-38g6

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later.
2. Recompile applications using the library.
3. Restart affected services.

🔧 Temporary Workarounds

No known workarounds

The vendor advisory states no workarounds are available.

🧯 If You Can't Patch

  • Implement strict input validation for ICC profile files before processing.
  • Sandbox applications using iccDEV to limit potential damage from exploitation.

🔍 How to Verify

Check if Vulnerable:

Check whether applications link to an iccDEV library older than version 2.3.1.2, using ldd (Linux) or a dependency walker tool on other platforms.

Check Version:

Check library version in build configuration or use package manager queries specific to your distribution.

Verify Fix Applied:

Verify iccDEV version is 2.3.1.2 or higher and applications have been recompiled with the updated library.
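As an added example (not from the advisory or from the iccDEV project), a POSIX shell helper that compares a reported iccDEV version against the fixed release with version-aware sorting and lists the iccDEV shared objects a binary links; the library file names libIccProfLib2 and libIccXML2 are an assumption about how iccDEV is built.

```shell
#!/bin/sh
# Added helper (not part of the advisory): decide whether a reported iccDEV
# version predates the fixed release 2.3.1.2, and list the iccDEV shared
# objects a binary links so you know which binaries need a rebuild.

FIXED_VERSION="2.3.1.2"

# Returns 0 (true) when the given version sorts before FIXED_VERSION.
# sort -V compares numeric components, so 2.3.1.10 is newer than 2.3.1.2
# and a three-component 2.3.1 is older than 2.3.1.2.
iccdev_version_vulnerable() {
  ver="$1"
  [ "$ver" != "$FIXED_VERSION" ] || return 1
  oldest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
  [ "$oldest" = "$ver" ]
}

# One-word verdict for inventory scripts; an empty version is reported as
# UNKNOWN rather than silently treated as fixed.
iccdev_verdict() {
  case "$1" in
    '') echo "UNKNOWN" ;;
    *) if iccdev_version_vulnerable "$1"; then echo "VULNERABLE"; else echo "FIXED"; fi ;;
  esac
}

# Lists iccDEV shared objects linked by a binary. The names libIccProfLib2
# and libIccXML2 are an assumption about the iccDEV build; adjust the awk
# pattern if your build installs the libraries under other names.
iccdev_libs_linked() {
  ldd "$1" 2>/dev/null | awk '/libIccProfLib2|libIccXML2/ { print $1 }'
}

# Usage: ./check_iccdev.sh VERSION [BINARY...]
if [ "$#" -ge 1 ]; then
  echo "iccDEV $1: $(iccdev_verdict "$1")"
  shift
  for bin in "$@"; do
    libs=$(iccdev_libs_linked "$bin")
    [ -n "$libs" ] && echo "$bin links: $libs"
  done
fi
```

The version string must come from your build configuration or package manager, since ldd reports only library names, not versions.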

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing ICC profiles
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual ICC profile uploads to web applications
  • Large or malformed ICC profile transfers

SIEM Query:

Application logs containing 'segmentation fault', 'access violation', or similar errors during ICC profile processing.
