CVE-2026-21693

8.8 HIGH

📋 TL;DR

CVE-2026-21693 is a type confusion flaw in iccDEV's CIccSegmentedCurveXml::ToXml() routine. A crafted ICC color profile that reaches this code can corrupt memory; depending on the hosting process, the outcome ranges from a crash (denial of service) to arbitrary code execution. Any application that uses the iccDEV libraries for color management or ICC-to-XML conversion is affected.

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability triggers when a crafted profile is converted to XML through the affected ToXml() function (part of iccDEV's IccXML component); the profile itself is the attacker-controlled input

📦 What is this software?

iccDEV is the International Color Consortium's open-source reference implementation of the ICC profile specifications (ICC.1 and iccMAX), published on GitHub under InternationalColorConsortium/iccDEV (earlier releases were distributed as DemoIccMAX/RefIccMAX). It provides the IccProfLib profile library, the IccXML library for converting profiles to and from XML, and command-line tools built on them. It is usually compiled from source and linked into other software rather than installed as a distribution package, which matters for both verification and patching.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠

Likely Case

Application crash or denial of service affecting color processing functionality

🟢

If Mitigated

Contained application crash with no privilege escalation if proper sandboxing exists

🌐 Internet-Facing: MEDIUM - Requires processing of malicious ICC profiles, which could be delivered via web uploads or email attachments
🏢 Internal Only: LOW - Typically requires user interaction to process malicious files

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profiles and getting them processed by vulnerable applications

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v3q7-7hw6-6jq8

Restart Required: Yes

Instructions:

1. Identify every application and service that embeds or links iccDEV (IccProfLib, IccXML), including in-house builds.
2. Update iccDEV to version 2.3.1.2.
3. Rebuild and relink each affected application against the updated library; replacing a shared object does not fix a statically linked copy.
4. Restart the affected services so the new code is loaded.

🔧 Temporary Workarounds

No known workarounds: the vulnerability is in core library functionality and there is no configuration-based mitigation.

🧯 If You Can't Patch

  • Restrict processing of untrusted ICC profiles through application controls; remember that ICC profiles also arrive embedded in images (JPEG, PNG, TIFF) and PDFs, not only as standalone .icc/.icm files
  • Run the components that call iccDEV in a sandbox or a separate low-privilege process so that a crash or code execution is contained

🔍 How to Verify

Check if Vulnerable:

Check whether applications link the iccDEV libraries (IccProfLib, IccXML) at a version below 2.3.1.2: on Linux use ldd or objdump -p against the binary, on Windows a dependency-walker tool. Because iccDEV is often built from source and linked statically, there may be no separate library file at all; in that case take the version from the source tree or build records of the application.

Check Version:

Inspect version strings in the compiled binaries (for example with strings), check the source tree the library was built from, or, if your distribution packages iccDEV (many do not, and the package name varies), query the package manager, e.g. dpkg -l | grep -i iccdev or rpm -qa | grep -i iccdev

Verify Fix Applied:

Verify iccDEV version is 2.3.1.2 or higher and applications have been rebuilt with updated library
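The check above, as an added example that is not code from the iccDEV project or the advisory: a POSIX shell script that lists the iccDEV shared objects a binary loads, pulls a dotted version string out of each, and compares it numerically against 2.3.1.2. The library file-name patterns (IccProfLib, IccXML), the assumption that a four-part version string is embedded in the binary, and the use of the advisory's class name CIccSegmentedCurveXml as a static-linking hint are all assumptions to confirm against your own build.

```shell
#!/bin/sh
# Added example, not part of iccDEV or the advisory. Assumptions: shared objects
# are named like libIccProfLib2*/libIccXML2* and embed a dotted version string.

FIXED_VERSION="2.3.1.2"

# version_lt A B: succeed if dotted version A sorts before B, comparing each
# field numerically (2.3.1.10 is newer than 2.3.1.2; missing fields count as 0).
version_lt() {
    [ "$1" != "$2" ] || return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# iccdev_vulnerable VERSION: print "yes" if VERSION is older than the fix, else "no".
iccdev_vulnerable() {
    if version_lt "$1" "$FIXED_VERSION"; then echo yes; else echo no; fi
}

# linked_iccdev_libs BINARY: paths of iccDEV shared objects the loader resolves
# for BINARY. Empty output means none were found, or the build is static.
# Caution: ldd may run code from the binary it inspects; for untrusted files
# prefer "objdump -p BINARY | grep NEEDED".
linked_iccdev_libs() {
    ldd "$1" 2>/dev/null | awk '/IccProfLib|IccXML/ { print $3 }'
}

# embedded_version FILE: first four-part dotted version string in FILE, if any.
# (IPv4 addresses match the same shape; check the hit if the file has network code.)
embedded_version() {
    strings "$1" 2>/dev/null | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# static_build_hint BINARY: succeed if the affected class name survives in the
# binary. RTTI type names usually do even when symbols are stripped, so this is
# a reasonable sign that iccDEV was linked statically.
static_build_hint() {
    strings "$1" 2>/dev/null | grep -q 'CIccSegmentedCurveXml'
}

# report VERSION LABEL: one verdict line for a library or static binary.
report() {
    if [ -z "$1" ]; then
        echo "$2: version unknown, treat as vulnerable until verified"
    else
        echo "$2: version $1, vulnerable=$(iccdev_vulnerable "$1")"
    fi
}

# check_binary BINARY: report each iccDEV library found, or a static-link hint.
check_binary() {
    bin=$1
    libs=$(linked_iccdev_libs "$bin")
    if [ -z "$libs" ]; then
        if static_build_hint "$bin"; then
            report "$(embedded_version "$bin")" "$bin (iccDEV statically linked)"
        else
            echo "$bin: no iccDEV libraries detected"
        fi
        return
    fi
    for lib in $libs; do
        report "$(embedded_version "$lib")" "$bin -> $lib"
    done
}

# Usage: sh check_iccdev.sh /usr/local/bin/iccToXml /opt/app/bin/server
for bin in "$@"; do check_binary "$bin"; done
```

The numeric field comparison matters because a plain string compare would rank a future 2.3.1.10 below 2.3.1.2. When the script reports a static build with an unknown version, the only reliable source of truth is the commit or release tag the application was built from.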

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during ICC profile processing
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual ICC profile uploads to web applications
  • Suspicious file transfers containing .icc/.icm files

SIEM Query:

(Application:iccDEV AND (EventID:1000 OR ExceptionCode:c0000005)) OR (FileExtension:(icc OR icm) AND SourceCategory:untrusted)

This is a generic key:value pseudo-query to adapt to your SIEM's syntax. EventID 1000 is the Windows Application Error event and c0000005 is STATUS_ACCESS_VIOLATION; on Linux hosts substitute kernel segfault records (and SIGSEGV entries from your crash reporter) for the first clause. SourceCategory:untrusted stands in for whatever sender, zone or upload-channel field you already tag. Treat the second clause as context for the first rather than an alert on its own, since .icc/.icm files are routine in print and imaging workflows.
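The log indicators and the query above describe a correlation: a crash in a process that had just handled an ICC profile. As an added example that is not part of this advisory, the script below runs that correlation over constructed syslog-style lines (the hosts, process names, PIDs and paths are invented for the demo) and covers both a Linux kernel segfault record and a Windows-style access-violation message. The process-tag and path patterns are assumptions about what your applications log.

```shell
#!/bin/sh
# Added example, not part of the advisory. Constructed sample log lines: two
# processes crash right after handling an ICC profile (should alert), one
# crashes after handling a JPEG (should not), one converts a profile cleanly.
sample_logs() {
cat <<'EOF'
2026-03-02T10:14:02Z host1 iccToXml[4211]: converting /uploads/u42/profile.icc
2026-03-02T10:14:03Z host1 kernel: iccToXml[4211]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd2a1b6c40 error 4 in libIccXML2.so.2[7f3a1c200000+a0000]
2026-03-02T10:20:11Z host1 convert[5120]: processing /tmp/photo.jpg
2026-03-02T10:20:12Z host1 kernel: convert[5120]: segfault at 8 ip 00007f1a00001234 sp 00007ffd00000000 error 4 in libjpeg.so.8[7f1a00000000+80000]
2026-03-02T10:25:00Z host2 iccToXml[6001]: converting /uploads/u7/display.icm
2026-03-02T10:25:00Z host2 iccToXml[6001]: wrote /uploads/u7/display.xml
2026-03-02T10:31:45Z host3 profile-svc[7010]: loaded /srv/in/a.icc
2026-03-02T10:31:46Z host3 profile-svc[7010]: Unhandled exception 0xc0000005 (access violation) in ToXml
EOF
}

# icc_crash_alerts: read log lines on stdin; remember the last .icc/.icm path
# each "name[pid]:" process mentioned, and emit an ALERT when a crash record
# for that same process follows. Crash markers: Linux kernel "segfault at",
# SIGSEGV from crash reporters, and Windows access violation / 0xc0000005.
icc_crash_alerts() {
awk '
function proctag(s) { return match(s, /[A-Za-z0-9_.-]+\[[0-9]+]:/) ? substr(s, RSTART, RLENGTH) : "" }
/\/[^ ]*\.(icc|icm)([^A-Za-z0-9]|$)/ {
    t = proctag($0)
    if (t != "" && match($0, /\/[^ ]*\.(icc|icm)/)) last[t] = substr($0, RSTART, RLENGTH)
    next
}
/segfault at|SIGSEGV|[Aa]ccess [Vv]iolation|0x[cC]0000005/ {
    t = proctag($0)
    if (t != "" && (t in last))
        printf "ALERT %s crashed after handling ICC profile %s\n", t, last[t]
}'
}

# Demo run over the constructed lines; in production pipe the real log in,
# e.g. journalctl -k -o short-iso | icc_crash_alerts
sample_logs | icc_crash_alerts
```

Keying on name[pid] is deliberately simple: PIDs are reused, so on a busy host add the hostname to the key and expire entries after a few seconds. The same logic ported to the SIEM gives a higher-fidelity alert than matching crash events and .icc uploads independently.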
