CVE-2026-21485

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2

Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and earlier contain Undefined Behavior (UB) and Out of Memory errors. Undefined Behavior refers to situations where the behavior of a program is not specified by the programming language standard, potentially leading to unpredictable results or crashes. Out of Memory errors occur when a program attempts to allocate more memory than is available, resulting in program termination.

Recommendations Update to version 2.3.1.2 or later.

Exploit

Fix

Resource Exhaustion

Out of bounds Read

Memory Corruption

RCE

NULL Pointer Dereference

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-125CWE-787CWE-20CWE-476CWE-1284CWE-190

Related Identifiers

CVE-2026-21485

GHSA-CHP2-4GV5-2432

Affected Products

Iccdev

CVE-2026-21485

Weakness Enumeration

Related Identifiers

Affected Products

References · 9