CVE-2026-21504

Sažetak

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.

Reference

https://github.com/InternationalColorConsortium/iccDEV/blob/798be59011649a26a529600cc3cd56437634d3d0/IccProfLib/IccMpeBasic.cpp#L4557
https://github.com/InternationalColorConsortium/iccDEV/commit/14fe3785e6b1f9992375b2a24617a0d7f6a70f95
https://github.com/InternationalColorConsortium/iccDEV/commit/23a38f83f2a5874a1c4427df59ec342af3277cad
https://github.com/InternationalColorConsortium/iccDEV/issues/366
https://github.com/InternationalColorConsortium/iccDEV/pull/415
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rqp9-r53c-3m9h

CVSS

Base:	6.6
Impact:	4.7
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Zadnje važnije ažuriranje

09-01-2026 - 21:34

Objavljeno

07-01-2026 - 18:15