CVE-2026-21495

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/10c34179a0332a869c2b46e305a9cd23a6311dfe	Patch
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xhrm-79rg-5784	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:18

Type	Values Removed	Values Added
Summary		(es) iccDEV proporciona un conjunto de bibliotecas y herramientas que permiten la interacción, manipulación y aplicación de perfiles ICC de gestión de color. Antes de la versión 2.3.1.2, iccDEV es vulnerable a una división por cero en el lector de imágenes TIFF. Este problema ha sido parcheado en la versión 2.3.1.2.

09 Jan 2026, 21:56

Type	Values Removed	Values Added
First Time		Color Color iccdev
CPE		cpe:2.3:a:color:iccdev::::::::
References	~~() https://github.com/InternationalColorConsortium/iccDEV/commit/10c34179a0332a869c2b46e305a9cd23a6311dfe -~~	() https://github.com/InternationalColorConsortium/iccDEV/commit/10c34179a0332a869c2b46e305a9cd23a6311dfe - Patch
References	~~() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xhrm-79rg-5784 -~~	() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xhrm-79rg-5784 - Third Party Advisory

07 Jan 2026, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-07 18:15

Updated : 2026-06-17 10:18

NVD link : CVE-2026-21495

Mitre link : CVE-2026-21495

CVE.ORG link : CVE-2026-21495

JSON object : View

Products Affected

color

iccdev

CWE

CWE-20

Improper Input Validation

CWE-369

Divide By Zero

{"id": "CVE-2026-21495", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-21495", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T18:17:19.692568Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "InternationalColorConsortium", "product": "iccDEV", "versions": [{"status": "affected", "version": "< 2.3.1.2"}]}]}], "published": "2026-01-07T18:15:53.127", "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/10c34179a0332a869c2b46e305a9cd23a6311dfe", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xhrm-79rg-5784", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-369"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-369"}]}], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas que permiten la interacci\u00f3n, manipulaci\u00f3n y aplicaci\u00f3n de perfiles ICC de gesti\u00f3n de color. Antes de la versi\u00f3n 2.3.1.2, iccDEV es vulnerable a una divisi\u00f3n por cero en el lector de im\u00e1genes TIFF. Este problema ha sido parcheado en la versi\u00f3n 2.3.1.2."}], "lastModified": "2026-06-17T10:18:43.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D34CF745-E75A-4F1C-AD7B-9AC1A2E9F680", "versionEndExcluding": "2.3.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}