CVE-2026-21686

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/InternationalColorConsortium/iccDEV/issues/214
https://github.com/InternationalColorConsortium/iccDEV/pull/222
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-792q-cqq9-mq4x

Configurations

No configuration.

History

07 Jan 2026, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-07 22:15

Updated : 2026-01-08 18:08

NVD link : CVE-2026-21686

Mitre link : CVE-2026-21686

CVE.ORG link : CVE-2026-21686

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-758

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

7.1 /10