HIGHCVE-2026-21485Published 2026-01-06Modified 2026-01-06CNA GitHub_M

CVE-2026-21485: iccDEV Undefined Behavior (UB) and Out of Memory in CIccProfile::LoadTag()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

InternationalColorConsortium / iccDEV
< 2.3.1.2

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432
https://github.com/InternationalColorConsortium/iccDEV/issues/340
https://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df

Metrics