CVE-2026-21503

CVE Database · CVE-2026-21503

CVE-2026-21503

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

0.15%

Published

Jan 7, 2026

Modified

Jan 9, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Weaknesses (CWE)

CWE-20CWE-131CWE-476CWE-628CWE-476

Affected Products (1)

color · iccdev (up to 2.3.1.2)vulnerable

References (4)

https://github.com/InternationalColorConsortium/iccDEV/commit/55259a6395c4f6124b5d0e38469c77412926bd3d

Patch

https://github.com/InternationalColorConsortium/iccDEV/issues/367

ExploitIssue Tracking

https://github.com/InternationalColorConsortium/iccDEV/pull/417

Issue Tracking

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h554-qrfh-53gx

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs