SB2026020446 - Multiple vulnerabilities in iccDEV



SB2026020446 - Multiple vulnerabilities in iccDEV

Published: February 4, 2026 Updated: May 5, 2026

Security Bulletin ID SB2026020446
CSH Severity
High
Patch available
YES
Number of vulnerabilities 44
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 32% Medium 66% Low 2%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 44 vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2026-25502)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in icFixXml() function when processing malformed ICC profiles. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Type Confusion (CVE-ID: CVE-2026-25503)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error in CIccTagEmbeddedHeightImage::Validate(). A remote attacker can pass specially crafted data to the application, trigger a type confusion error and cause a denial of service condition on the target system.


3) Heap-based buffer overflow (CVE-ID: N/A)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in IccTagXml() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process the crafted ICC color profile.


4) Reliance on undefined behavior (CVE-ID: CVE-2026-21687)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and modify data.

The vulnerability exists due to reliance on undefined behavior in CIccTagCurve::CIccTagCurve() when processing ICC color profiles. A remote attacker can provide a crafted ICC color profile to cause a denial of service and modify data.

User interaction is required to process a crafted ICC color profile.


5) Reliance on undefined behavior (CVE-ID: CVE-2026-21686)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to reliance on undefined behavior in CIccTagLutAtoB::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process a crafted ICC color profile.


6) Reliance on undefined behavior (CVE-ID: CVE-2026-21685)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service or modify data.

The vulnerability exists due to reliance on undefined behavior in CIccTagLut16::Read() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service or modify data.

User interaction is required to process a crafted ICC color profile.


7) Reliance on undefined behavior (CVE-ID: CVE-2026-21684)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service or modify data.

The vulnerability exists due to reliance on undefined behavior in CIccTagSpectralViewingConditions() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service or modify data.

User interaction is required to process a crafted ICC color profile.


8) Type Confusion (CVE-ID: CVE-2026-21683)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to type confusion in icStatusCMM::CIccEvalCompare::EvaluateProfile() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process the crafted ICC color profile.


9) Heap-based buffer overflow (CVE-ID: CVE-2026-21682)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in CIccXmlArrayType::ParseText() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process the crafted profile.


10) Reliance on undefined behavior (CVE-ID: N/A)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and modify data.

The vulnerability exists due to reliance on undefined behavior in CIccCLUT::Init() when processing ICC color profiles. A remote attacker can supply a crafted ICC color profile to cause a denial of service and modify data.

User interaction is required to process the crafted ICC color profile.


11) Use-after-free (CVE-ID: N/A)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in CIccXform::Create() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process the crafted ICC color profile.


12) Input validation error (CVE-ID: CVE-2026-21681)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and modify data.

The vulnerability exists due to improper input validation in IccProfLib/IccTagBasic.cpp when processing ICC color profiles. A remote attacker can supply a specially crafted ICC color profile to cause a denial of service and modify data.

User interaction is required to process a crafted ICC color profile.


13) NULL pointer dereference (CVE-ID: CVE-2026-21680)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a null pointer dereference in CIccProfile::CheckTagTypes() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process the crafted profile.


14) Heap-based buffer overflow (CVE-ID: CVE-2026-21679)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a heap-based buffer overflow in CIccLocalizedUnicode::GetText() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process the crafted ICC color profile.


15) Heap-based buffer overflow (CVE-ID: CVE-2026-21678)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in IccTagXml() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process the crafted ICC color profile.


16) Reliance on undefined behavior (CVE-ID: CVE-2026-21677)

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to reliance on undefined behavior in CIccCLUT::Init() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process a crafted ICC color profile.


17) Heap-based buffer overflow (CVE-ID: CVE-2026-21676)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in CIccMBB::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process the crafted ICC color profile.


18) Heap-based buffer overflow (CVE-ID: N/A)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to heap-based buffer overflow in CIccMBB::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a specially crafted ICC color profile to execute arbitrary code.

User interaction is required to process a crafted ICC color profile.


19) Use-after-free (CVE-ID: CVE-2026-21675)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in CIccXform::Create() when processing ICC color profiles. A remote attacker can supply a crafted ICC color profile to execute arbitrary code.


20) Memory leak (CVE-ID: CVE-2026-21674)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to missing release of memory after effective lifetime in CIccProfileXml::ParseTag() when processing ICC color profiles. A remote attacker can trigger the error path with a crafted ICC color profile to cause a denial of service.

User interaction is required to open or process a crafted ICC color profile.


21) Integer overflow (CVE-ID: CVE-2026-21673)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to integer overflow or underflow in CIccXmlArrayType::ParseTextCountNum() when parsing ICC color profiles. A remote attacker can trick the victim into processing a specially crafted ICC color profile to execute arbitrary code.

User interaction is required to process a crafted ICC color profile.


22) Infinite loop (CVE-ID: CVE-2026-21507)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to loop with an unreachable exit condition in CalcProfileID() when processing ICC color profiles. A remote attacker can supply a crafted ICC color profile to cause a denial of service.


23) Improper Validation of Specified Quantity in Input (CVE-ID: CVE-2026-21485)

CWE-ID: CWE-1284 - Improper Validation of Specified Quantity in Input

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper validation of specified quantity in input in CIccProfile::LoadTag() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to process a crafted ICC color profile.


24) Out-of-bounds read (CVE-ID: CVE-2026-21487)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in ICC color profile processing when parsing crafted ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information and cause a denial of service.

User interaction is required to open or otherwise process a crafted ICC color profile.


25) Use-after-free (CVE-ID: CVE-2026-21486)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in the ICC color profile processing functionality when parsing crafted ICC color profiles. A remote attacker can trick the victim into opening or processing a crafted ICC color profile to execute arbitrary code.

User interaction is required to open or process a crafted ICC color profile.


26) Heap-based buffer overflow (CVE-ID: CVE-2026-21488)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in ICC color profile processing when parsing crafted ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information and cause a denial of service.

User interaction is required to process a crafted ICC color profile.


27) Out-of-bounds read (CVE-ID: CVE-2026-21489)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.

The vulnerability exists due to out-of-bounds read in ICC color profile processing when parsing a crafted ICC color profile. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information and cause a denial of service.

User interaction is required to process a crafted ICC color profile.


28) Type Confusion (CVE-ID: CVE-2026-21493)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information, modify data, and cause a denial of service.

The vulnerability exists due to type confusion in the XML curve serialization logic for SingleSampledCurve support when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information, modify data, and cause a denial of service.

User interaction is required to process a crafted ICC color profile.


29) Heap-based buffer overflow (CVE-ID: CVE-2026-21494)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.

The vulnerability exists due to heap-based buffer overflow in CIccTagLut8::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service and disclose sensitive information.

User interaction is required to open or otherwise process a crafted ICC color profile.


30) Heap-based buffer overflow (CVE-ID: CVE-2026-21490)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.

The vulnerability exists due to heap-based buffer overflow in CIccTagLut16::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service and disclose sensitive information.

User interaction is required to open or otherwise process a crafted ICC color profile.


31) Heap-based buffer overflow (CVE-ID: CVE-2026-21491)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.

The vulnerability exists due to heap-based buffer overflow in CIccTagTextDescription when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service and disclose sensitive information.

User interaction is required to process a crafted ICC color profile.


32) NULL pointer dereference (CVE-ID: CVE-2026-21492)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in the ToneMap writer when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process the crafted profile.


33) Division by zero (CVE-ID: CVE-2026-21495)

CWE-ID: CWE-369 - Divide By Zero

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to divide by zero in TIFF image reader when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process the crafted profile.


34) NULL pointer dereference (CVE-ID: CVE-2026-21497)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in unknown tag parser when processing ICC color profiles. A remote attacker can trick the victim into opening a crafted ICC color profile to cause a denial of service.

User interaction is required to process a crafted ICC color profile.


35) NULL pointer dereference (CVE-ID: CVE-2026-21498)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in the XML calculator parser when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process the crafted ICC color profile.


36) NULL pointer dereference (CVE-ID: CVE-2026-21496)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a null pointer dereference in the icGetSigVal() signature parser when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process the crafted ICC color profile.


37) Uncontrolled Recursion (CVE-ID: CVE-2026-21500)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled recursion in XML calculator macro expansion when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process a crafted ICC color profile.


38) NULL pointer dereference (CVE-ID: CVE-2026-21502)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a null pointer dereference in the XML tag parser when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to open or process a crafted ICC color profile.


39) NULL pointer dereference (CVE-ID: CVE-2026-21499)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a null pointer dereference in the iccDEV XML parser when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to open or process a crafted ICC color profile.


40) Stack-based buffer overflow (CVE-ID: CVE-2026-21501)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to stack-based buffer overflow in the iccDEV calculator parser when parsing ICC color profiles. A remote attacker can trick the victim into opening a crafted ICC color profile to cause a denial of service.

User interaction is required to process a crafted ICC color profile.


41) Heap-based buffer overflow (CVE-ID: CVE-2026-21504)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service and modify data.

The vulnerability exists due to heap-based buffer overflow in the CIccMpeToneMap parser in IccProfLib/IccMpeBasic.cpp when parsing ICC color profiles. A remote attacker can trick the victim into processing a specially crafted ICC color profile to cause a denial of service and modify data.

User interaction is required to open or otherwise process a crafted ICC color profile.


42) NULL pointer dereference (CVE-ID: CVE-2026-21503)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in CIccTagSparseMatrixArray when processing ICC color profiles. A remote attacker can trick the victim into opening a crafted ICC color profile to cause a denial of service.

User interaction is required to open a crafted ICC color profile.


43) NULL pointer dereference (CVE-ID: CVE-2026-21506)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to null pointer dereference in CIccProfileXml::ParseBasic() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.

User interaction is required to process the crafted ICC color profile.


44) Type Confusion (CVE-ID: CVE-2026-21505)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the icMaterialColorSignature enum handling when parsing malformed ICC profile files. A remote attacker can trick the victim into opening a crafted ICC profile file to cause a denial of service.

The issue affects the wxProfileDump tool and applications that process ICC color profiles using the vulnerable enum.


Remediation

Install update from vendor's website.

References