Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2026-21493

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.

Published: Jan 6, 2026
Updated: Jan 15, 2026
CVE: CVE-2026-21493
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.6
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CWEs:

CWE-188
CWE-703
CWE-843

Affected Software
References

Software	From	Fixed in
color / iccdev	-	2.3.1.2

https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f
https://github.com/InternationalColorConsortium/iccDEV/issues/358
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo