Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2026-21496

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.

Published: Jan 7, 2026
Updated: Jan 10, 2026
CVE: CVE-2026-21496
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWEs:

CWE-20
CWE-252
CWE-476
CWE-690

Affected Software
References

Software	From	Fixed in
color / iccdev	-	2.3.1.2

https://github.com/InternationalColorConsortium/iccDEV/commit/0e51ceb427925b7e22f0465547df7506d35cda1c
https://github.com/InternationalColorConsortium/iccDEV/commit/b5ad23aceece3789bdf1c47bae1ecf9d7bfcd26d
https://github.com/InternationalColorConsortium/iccDEV/issues/381
https://github.com/InternationalColorConsortium/iccDEV/pull/405
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo