NULL pointer dereference in iccDEV - CVE-2026-21503
Published: May 5, 2026
iccDEV
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in CIccTagSparseMatrixArray when processing ICC color profiles. A remote attacker can trick the victim into opening a crafted ICC color profile to cause a denial of service.
User interaction is required to open a crafted ICC color profile.