Type Confusion in iccDEV - CVE-2026-21505
Published: May 5, 2026
iccDEV
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the icMaterialColorSignature enum handling when parsing malformed ICC profile files. A remote attacker can trick the victim into opening a crafted ICC profile file to cause a denial of service.
The issue affects the wxProfileDump tool and applications that process ICC color profiles using the vulnerable enum.