SB2026020446 - Multiple vulnerabilities in iccDEV
Published: February 4, 2026 Updated: May 5, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 44 vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2026-25502)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in icFixXml() function when processing malformed ICC profiles. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Type Confusion (CVE-ID: CVE-2026-25503)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in CIccTagEmbeddedHeightImage::Validate(). A remote attacker can pass specially crafted data to the application, trigger a type confusion error and cause a denial of service condition on the target system.
3) Heap-based buffer overflow (CVE-ID: N/A)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in IccTagXml() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process the crafted ICC color profile.
4) Reliance on undefined behavior (CVE-ID: CVE-2026-21687)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and modify data.
The vulnerability exists due to reliance on undefined behavior in CIccTagCurve::CIccTagCurve() when processing ICC color profiles. A remote attacker can provide a crafted ICC color profile to cause a denial of service and modify data.
User interaction is required to process a crafted ICC color profile.
5) Reliance on undefined behavior (CVE-ID: CVE-2026-21686)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to reliance on undefined behavior in CIccTagLutAtoB::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process a crafted ICC color profile.
6) Reliance on undefined behavior (CVE-ID: CVE-2026-21685)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service or modify data.
The vulnerability exists due to reliance on undefined behavior in CIccTagLut16::Read() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service or modify data.
User interaction is required to process a crafted ICC color profile.
7) Reliance on undefined behavior (CVE-ID: CVE-2026-21684)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service or modify data.
The vulnerability exists due to reliance on undefined behavior in CIccTagSpectralViewingConditions() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service or modify data.
User interaction is required to process a crafted ICC color profile.
8) Type Confusion (CVE-ID: CVE-2026-21683)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to type confusion in icStatusCMM::CIccEvalCompare::EvaluateProfile() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process the crafted ICC color profile.
9) Heap-based buffer overflow (CVE-ID: CVE-2026-21682)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in CIccXmlArrayType::ParseText() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process the crafted profile.
10) Reliance on undefined behavior (CVE-ID: N/A)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and modify data.
The vulnerability exists due to reliance on undefined behavior in CIccCLUT::Init() when processing ICC color profiles. A remote attacker can supply a crafted ICC color profile to cause a denial of service and modify data.
User interaction is required to process the crafted ICC color profile.
11) Use-after-free (CVE-ID: N/A)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use-after-free in CIccXform::Create() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process the crafted ICC color profile.
12) Input validation error (CVE-ID: CVE-2026-21681)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and modify data.
The vulnerability exists due to improper input validation in IccProfLib/IccTagBasic.cpp when processing ICC color profiles. A remote attacker can supply a specially crafted ICC color profile to cause a denial of service and modify data.
User interaction is required to process a crafted ICC color profile.
13) NULL pointer dereference (CVE-ID: CVE-2026-21680)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in CIccProfile::CheckTagTypes() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process the crafted profile.
14) Heap-based buffer overflow (CVE-ID: CVE-2026-21679)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a heap-based buffer overflow in CIccLocalizedUnicode::GetText() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process the crafted ICC color profile.
15) Heap-based buffer overflow (CVE-ID: CVE-2026-21678)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in IccTagXml() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process the crafted ICC color profile.
16) Reliance on undefined behavior (CVE-ID: CVE-2026-21677)
CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to reliance on undefined behavior in CIccCLUT::Init() when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process a crafted ICC color profile.
17) Heap-based buffer overflow (CVE-ID: CVE-2026-21676)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in CIccMBB::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process the crafted ICC color profile.
18) Heap-based buffer overflow (CVE-ID: N/A)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in CIccMBB::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a specially crafted ICC color profile to execute arbitrary code.
User interaction is required to process a crafted ICC color profile.
19) Use-after-free (CVE-ID: CVE-2026-21675)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use-after-free in CIccXform::Create() when processing ICC color profiles. A remote attacker can supply a crafted ICC color profile to execute arbitrary code.
20) Memory leak (CVE-ID: CVE-2026-21674)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in CIccProfileXml::ParseTag() when processing ICC color profiles. A remote attacker can trigger the error path with a crafted ICC color profile to cause a denial of service.
User interaction is required to open or process a crafted ICC color profile.
21) Integer overflow (CVE-ID: CVE-2026-21673)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to integer overflow or underflow in CIccXmlArrayType::ParseTextCountNum() when parsing ICC color profiles. A remote attacker can trick the victim into processing a specially crafted ICC color profile to execute arbitrary code.
User interaction is required to process a crafted ICC color profile.
22) Infinite loop (CVE-ID: CVE-2026-21507)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to loop with an unreachable exit condition in CalcProfileID() when processing ICC color profiles. A remote attacker can supply a crafted ICC color profile to cause a denial of service.
23) Improper Validation of Specified Quantity in Input (CVE-ID: CVE-2026-21485)
CWE-ID: CWE-1284 - Improper Validation of Specified Quantity in Input
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper validation of specified quantity in input in CIccProfile::LoadTag() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to process a crafted ICC color profile.
24) Out-of-bounds read (CVE-ID: CVE-2026-21487)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to out-of-bounds read in ICC color profile processing when parsing crafted ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information and cause a denial of service.
User interaction is required to open or otherwise process a crafted ICC color profile.
25) Use-after-free (CVE-ID: CVE-2026-21486)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use-after-free in the ICC color profile processing functionality when parsing crafted ICC color profiles. A remote attacker can trick the victim into opening or processing a crafted ICC color profile to execute arbitrary code.
User interaction is required to open or process a crafted ICC color profile.
26) Heap-based buffer overflow (CVE-ID: CVE-2026-21488)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in ICC color profile processing when parsing crafted ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information and cause a denial of service.
User interaction is required to process a crafted ICC color profile.
27) Out-of-bounds read (CVE-ID: CVE-2026-21489)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information and cause a denial of service.
The vulnerability exists due to out-of-bounds read in ICC color profile processing when parsing a crafted ICC color profile. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information and cause a denial of service.
User interaction is required to process a crafted ICC color profile.
28) Type Confusion (CVE-ID: CVE-2026-21493)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information, modify data, and cause a denial of service.
The vulnerability exists due to type confusion in the XML curve serialization logic for SingleSampledCurve support when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to disclose sensitive information, modify data, and cause a denial of service.
User interaction is required to process a crafted ICC color profile.
29) Heap-based buffer overflow (CVE-ID: CVE-2026-21494)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.
The vulnerability exists due to heap-based buffer overflow in CIccTagLut8::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service and disclose sensitive information.
User interaction is required to open or otherwise process a crafted ICC color profile.
30) Heap-based buffer overflow (CVE-ID: CVE-2026-21490)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.
The vulnerability exists due to heap-based buffer overflow in CIccTagLut16::Validate() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service and disclose sensitive information.
User interaction is required to open or otherwise process a crafted ICC color profile.
31) Heap-based buffer overflow (CVE-ID: CVE-2026-21491)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and disclose sensitive information.
The vulnerability exists due to heap-based buffer overflow in CIccTagTextDescription when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service and disclose sensitive information.
User interaction is required to process a crafted ICC color profile.
32) NULL pointer dereference (CVE-ID: CVE-2026-21492)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in the ToneMap writer when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process the crafted profile.
33) Division by zero (CVE-ID: CVE-2026-21495)
CWE-ID: CWE-369 - Divide By Zero
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to divide by zero in TIFF image reader when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process the crafted profile.
34) NULL pointer dereference (CVE-ID: CVE-2026-21497)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in unknown tag parser when processing ICC color profiles. A remote attacker can trick the victim into opening a crafted ICC color profile to cause a denial of service.
User interaction is required to process a crafted ICC color profile.
35) NULL pointer dereference (CVE-ID: CVE-2026-21498)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in the XML calculator parser when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process the crafted ICC color profile.
36) NULL pointer dereference (CVE-ID: CVE-2026-21496)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in the icGetSigVal() signature parser when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process the crafted ICC color profile.
37) Uncontrolled Recursion (CVE-ID: CVE-2026-21500)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in XML calculator macro expansion when processing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process a crafted ICC color profile.
38) NULL pointer dereference (CVE-ID: CVE-2026-21502)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in the XML tag parser when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to open or process a crafted ICC color profile.
39) NULL pointer dereference (CVE-ID: CVE-2026-21499)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in the iccDEV XML parser when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to open or process a crafted ICC color profile.
40) Stack-based buffer overflow (CVE-ID: CVE-2026-21501)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to stack-based buffer overflow in the iccDEV calculator parser when parsing ICC color profiles. A remote attacker can trick the victim into opening a crafted ICC color profile to cause a denial of service.
User interaction is required to process a crafted ICC color profile.
41) Heap-based buffer overflow (CVE-ID: CVE-2026-21504)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service and modify data.
The vulnerability exists due to heap-based buffer overflow in the CIccMpeToneMap parser in IccProfLib/IccMpeBasic.cpp when parsing ICC color profiles. A remote attacker can trick the victim into processing a specially crafted ICC color profile to cause a denial of service and modify data.
User interaction is required to open or otherwise process a crafted ICC color profile.
42) NULL pointer dereference (CVE-ID: CVE-2026-21503)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in CIccTagSparseMatrixArray when processing ICC color profiles. A remote attacker can trick the victim into opening a crafted ICC color profile to cause a denial of service.
User interaction is required to open a crafted ICC color profile.
43) NULL pointer dereference (CVE-ID: CVE-2026-21506)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in CIccProfileXml::ParseBasic() when parsing ICC color profiles. A remote attacker can trick the victim into processing a crafted ICC color profile to cause a denial of service.
User interaction is required to process the crafted ICC color profile.
44) Type Confusion (CVE-ID: CVE-2026-21505)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the icMaterialColorSignature enum handling when parsing malformed ICC profile files. A remote attacker can trick the victim into opening a crafted ICC profile file to cause a denial of service.
The issue affects the wxProfileDump tool and applications that process ICC color profiles using the vulnerable enum.
Remediation
Install update from vendor's website.
References
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2qq-jf7w-rm27
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pf84-4c7q-x764
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xqq3-g894-w2h5
- https://github.com/InternationalColorConsortium/iccDEV/issues/185
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prmm-g479-4fv7
- https://github.com/InternationalColorConsortium/iccDEV/issues/180
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-792q-cqq9-mq4x
- https://github.com/InternationalColorConsortium/iccDEV/issues/214
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3xr-6687-5c8p
- https://github.com/InternationalColorConsortium/iccDEV/issues/213
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279
- https://github.com/InternationalColorConsortium/iccDEV/issues/216
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-f2wp-j3fr-938w
- https://github.com/InternationalColorConsortium/iccDEV/issues/183
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-jq9m-54gr-c56c
- https://github.com/InternationalColorConsortium/iccDEV/issues/178
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x6gg-j72w-jc9w
- https://github.com/InternationalColorConsortium/iccDEV/issues/181
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fqq2-v72p-wfff
- https://github.com/InternationalColorConsortium/iccDEV/issues/182
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v4qq-v3c3-x62x
- https://github.com/InternationalColorConsortium/iccDEV/issues/232
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mgp7-w4w3-mhx4
- https://github.com/InternationalColorConsortium/iccDEV/issues/322
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h4wg-473g-p5wc
- https://github.com/InternationalColorConsortium/iccDEV/issues/328
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9rp2-4c6g-hppf
- https://github.com/InternationalColorConsortium/iccDEV/issues/55
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-95w5-jvqf-3994
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j5vv-p2hv-c392
- https://github.com/InternationalColorConsortium/iccDEV/issues/215
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-vg26-ggwf-6fmq
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wcwx-794g-g78f
- https://github.com/InternationalColorConsortium/iccDEV/commit/510baf58fa48e00ebbb5dd577f0db4af8876bb31
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xww6-v3vg-4qc7
- https://github.com/InternationalColorConsortium/iccDEV/commit/d7028d8f558bb681efe2b85f02eb4ca374502cbb
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-g66g-f82c-vgm6
- https://github.com/InternationalColorConsortium/iccDEV/commit/32740802ee14418bd14c429d7e2f142d92cd5c4f
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj
- https://github.com/InternationalColorConsortium/iccDEV/commit/4f4d99695b440b34300aa0d4da16c9e0173bb408
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432
- https://github.com/InternationalColorConsortium/iccDEV/commit/1516e2cafc253bb06fd3700d589a4ed0f09f7bd6
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xq7x-9524-f7cp
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mg98-j5q2-674w
- https://github.com/InternationalColorConsortium/iccDEV/commit/1ab7363f38a20089934d3410c88f714eea392bf5
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4j2g-rvv4-86vg
- https://github.com/InternationalColorConsortium/iccDEV/commit/9daaccceb231c43db8cab312ee5bbe9d2aa6b153
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-ph89-6q5h-wfw5
- https://github.com/InternationalColorConsortium/iccDEV/commit/cfabfe52c9c7eb0481b62c8aad56580bb11efdad
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx
- https://github.com/InternationalColorConsortium/iccDEV/commit/ab2c58d3980d11a487fda05516d0a95bf4d769e8
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hjxv-xr7w-84fc
- https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9q9c-699q-xr2q
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4pv4-4x2x-6j88
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xpq3-v3jj-mgvx
- https://github.com/InternationalColorConsortium/iccDEV/commit/e72361d215351cbac0002466c4f936e94d6a99e7
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xhrm-79rg-5784
- https://github.com/InternationalColorConsortium/iccDEV/commit/829d869e4bc79d30afc30b0394acee63fdeb0729
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7gv7-cmrv-4j85
- https://github.com/InternationalColorConsortium/iccDEV/commit/9419cac7f084197941994b8b9d17def204008385
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6822-qvxq-m736
- https://github.com/InternationalColorConsortium/iccDEV/commit/bdfa31940726aaabb0a6f19194d9062ba0598959
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw
- https://github.com/InternationalColorConsortium/iccDEV/commit/0e51ceb427925b7e22f0465547df7506d35cda1c
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4h4j-mm9w-2cp4
- https://github.com/InternationalColorConsortium/iccDEV/commit/f295826a6f15add90490030f23b2ddd8593bff5b
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-67r8-q3mh-42j6
- https://github.com/InternationalColorConsortium/iccDEV/commit/d04c236775e89a029f93efcc242fdb1fbc245a1c
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3pv-2cpf-7v2p
- https://github.com/InternationalColorConsortium/iccDEV/commit/af299895bbcbecca6f67d6dc3d8e1dc92f1fc3fa
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w
- https://github.com/InternationalColorConsortium/iccDEV/commit/f3056ed99935d479091470127ad16f8be1912bb7
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rqp9-r53c-3m9h
- https://github.com/InternationalColorConsortium/iccDEV/commit/14fe3785e6b1f9992375b2a24617a0d7f6a70f95
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h554-qrfh-53gx
- https://github.com/InternationalColorConsortium/iccDEV/commit/55259a6395c4f6124b5d0e38469c77412926bd3d
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wfm7-m548-x4vp
- https://github.com/InternationalColorConsortium/iccDEV/commit/f2ea32372ad3ebbd29147940229cb9c5548fe033
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j577-8285-qrf9
- https://github.com/InternationalColorConsortium/iccDEV/commit/3bbe2088b2796cf0aa4f7fa19f7ccd9ad1c7aba5