Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2026-21504

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.

Published: Jan 7, 2026
Updated: Jan 10, 2026
CVE: CVE-2026-21504
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.6
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CWEs:

CWE-122
CWE-193
CWE-787

Affected Software
References

Software	From	Fixed in
color / iccdev	-	2.3.1.2

https://github.com/InternationalColorConsortium/iccDEV/blob/798be59011649a26a529600cc3cd56437634d3d0/IccProfLib/IccMpeBasic.cpp#L4557
https://github.com/InternationalColorConsortium/iccDEV/commit/14fe3785e6b1f9992375b2a24617a0d7f6a70f95
https://github.com/InternationalColorConsortium/iccDEV/commit/23a38f83f2a5874a1c4427df59ec342af3277cad
https://github.com/InternationalColorConsortium/iccDEV/issues/366
https://github.com/InternationalColorConsortium/iccDEV/pull/415
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rqp9-r53c-3m9h

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo