CVE-2026-21507

7.5 HIGH
Published: January 06, 2026 Modified: January 12, 2026
View on NVD

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198
Source: security-advisories@github.com
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/244
Source: security-advisories@github.com
Issue Tracking Exploit Vendor Advisory
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj
Source: security-advisories@github.com
Patch Vendor Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
0.1%
22th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-835

Affected Vendors

color

Related CVEs

CVE-2026-4595 2.4
CVE-2026-33723 7.1
CVE-2026-33719 8.6
CVE-2026-33717 8.8
CVE-2026-33716 9.4