CVE-2026-21505

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/3bbe2088b2796cf0aa4f7fa19f7ccd9ad1c7aba5	Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/b1bb72fc3e9442ee1355aabae7314bb7d3fc9d41	Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/361	Exploit Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/419	Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j577-8285-qrf9	Third Party Advisory
https://github.com/InternationalColorConsortium/iccDEV/issues/361	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

12 Jan 2026, 16:35

Type	Values Removed	Values Added
References	~~() https://github.com/InternationalColorConsortium/iccDEV/commit/3bbe2088b2796cf0aa4f7fa19f7ccd9ad1c7aba5 -~~	() https://github.com/InternationalColorConsortium/iccDEV/commit/3bbe2088b2796cf0aa4f7fa19f7ccd9ad1c7aba5 - Patch
References	~~() https://github.com/InternationalColorConsortium/iccDEV/commit/b1bb72fc3e9442ee1355aabae7314bb7d3fc9d41 -~~	() https://github.com/InternationalColorConsortium/iccDEV/commit/b1bb72fc3e9442ee1355aabae7314bb7d3fc9d41 - Patch
References	~~() https://github.com/InternationalColorConsortium/iccDEV/issues/361 -~~	() https://github.com/InternationalColorConsortium/iccDEV/issues/361 - Exploit, Issue Tracking
References	~~() https://github.com/InternationalColorConsortium/iccDEV/pull/419 -~~	() https://github.com/InternationalColorConsortium/iccDEV/pull/419 - Issue Tracking
References	~~() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j577-8285-qrf9 -~~	() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j577-8285-qrf9 - Third Party Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:color:iccdev::::::::
First Time		Color Color iccdev

08 Jan 2026, 20:15

Type	Values Removed	Values Added
References	~~() https://github.com/InternationalColorConsortium/iccDEV/issues/361 -~~	() https://github.com/InternationalColorConsortium/iccDEV/issues/361 -

07 Jan 2026, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-07 18:15

Updated : 2026-01-12 16:35

NVD link : CVE-2026-21505

Mitre link : CVE-2026-21505

CVE.ORG link : CVE-2026-21505

JSON object : View

Products Affected

color

iccdev

CWE

CWE-20

Improper Input Validation

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

NVD-CWE-noinfo

5.5 /10