Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2026-21500

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.

Published: Jan 7, 2026
Updated: Jan 10, 2026
CVE: CVE-2026-21500
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWEs:

CWE-20
CWE-400
CWE-674
CWE-1119
CWE-787

Affected Software
References

Software	From	Fixed in
color / iccdev	-	2.3.1.2

https://github.com/InternationalColorConsortium/iccDEV/commit/cce5f9b68a6c067b7ef898ccd5b000770745fb14
https://github.com/InternationalColorConsortium/iccDEV/commit/f295826a6f15add90490030f23b2ddd8593bff5b
https://github.com/InternationalColorConsortium/iccDEV/issues/384
https://github.com/InternationalColorConsortium/iccDEV/pull/406
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4h4j-mm9w-2cp4

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo