CVE-2026-21507

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198	Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/244	Exploit Issue Tracking Vendor Advisory
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:18

Type	Values Removed	Values Added
Summary		(es) iccDEV proporciona un conjunto de bibliotecas y herramientas para trabajar con perfiles de gestión de color ICC. Las versiones 2.3.1 e inferiores tienen un bucle infinito en la función CalcProfileID de IccProfile.cpp. Este problema está corregido en la versión 2.3.1.1.
References	~~() https://github.com/InternationalColorConsortium/iccDEV/issues/244 - Issue Tracking, Exploit, Vendor Advisory~~	() https://github.com/InternationalColorConsortium/iccDEV/issues/244 - Exploit, Issue Tracking, Vendor Advisory

12 Jan 2026, 21:04

Type	Values Removed	Values Added
References	~~() https://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198 -~~	() https://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198 - Patch
References	~~() https://github.com/InternationalColorConsortium/iccDEV/issues/244 -~~	() https://github.com/InternationalColorConsortium/iccDEV/issues/244 - Issue Tracking, Exploit, Vendor Advisory
References	~~() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj -~~	() https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj - Patch, Vendor Advisory
CPE		cpe:2.3:a:color:iccdev::::::::
First Time		Color Color iccdev

06 Jan 2026, 01:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-06 01:16

Updated : 2026-06-17 10:18

NVD link : CVE-2026-21507

Mitre link : CVE-2026-21507

CVE.ORG link : CVE-2026-21507

JSON object : View

Products Affected

color

iccdev

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

7.5 /10