Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2026-21505

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.

Published: Jan 7, 2026
Updated: Jan 13, 2026
CVE: CVE-2026-21505
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWEs:

CWE-20
CWE-843

Affected Software
References

Software	From	Fixed in
color / iccdev	-	2.3.1.2

https://github.com/InternationalColorConsortium/iccDEV/commit/3bbe2088b2796cf0aa4f7fa19f7ccd9ad1c7aba5
https://github.com/InternationalColorConsortium/iccDEV/commit/b1bb72fc3e9442ee1355aabae7314bb7d3fc9d41
https://github.com/InternationalColorConsortium/iccDEV/issues/361
https://github.com/InternationalColorConsortium/iccDEV/pull/419
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j577-8285-qrf9

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo