exploitDog

CVE-2026-21493

Опубликовано: 06 янв. 2026

Источник: nvd

CVSS3: 6.6

EPSS Низкий

Описание

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.

Ссылки

https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/358
Exploit
Issue Tracking
Vendor Advisory
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

Версия до 2.3.1.2 (исключая)

EPSS

Процентиль: 1%

0.00011

Низкий

6.6 Medium

CVSS3

Дефекты

CWE-188

EPSS

Процентиль: 1%

0.00011

Низкий

6.6 Medium

CVSS3

Дефекты

CWE-188