iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
References
| Link | Resource |
|---|---|
| https://github.com/InternationalColorConsortium/iccDEV/issues/322 | Exploit Issue Tracking |
| https://github.com/InternationalColorConsortium/iccDEV/pull/325 | Issue Tracking |
| https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mgp7-w4w3-mhx4 | Third Party Advisory |
Configurations
History
09 Jan 2026, 21:34
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Color
Color iccdev |
|
| CPE | cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:* | |
| References | () https://github.com/InternationalColorConsortium/iccDEV/issues/322 - Exploit, Issue Tracking | |
| References | () https://github.com/InternationalColorConsortium/iccDEV/pull/325 - Issue Tracking | |
| References | () https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mgp7-w4w3-mhx4 - Third Party Advisory |
07 Jan 2026, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-07 18:15
Updated : 2026-01-09 21:34
NVD link : CVE-2026-21680
Mitre link : CVE-2026-21680
CVE.ORG link : CVE-2026-21680
JSON object : View
Products Affected
color
- iccdev
CWE
CWE-476
NULL Pointer Dereference