Heap-based buffer overflow in iccDEV - CVE-2026-21504
Published: May 5, 2026
iccDEV
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service and modify data.
The vulnerability exists due to heap-based buffer overflow in the CIccMpeToneMap parser in IccProfLib/IccMpeBasic.cpp when parsing ICC color profiles. A remote attacker can trick the victim into processing a specially crafted ICC color profile to cause a denial of service and modify data.
User interaction is required to open or otherwise process a crafted ICC color profile.