CVE-2026-21501

Опубликовано: 07 янв. 2026

Источник: nvd

CVSS3: 5.5

CVSS3: 7.8

EPSS Низкий

Описание

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

Ссылки

https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccProfLib/IccMpeCalc.cpp#L4588
Product
https://github.com/InternationalColorConsortium/iccDEV/commit/798be59011649a26a529600cc3cd56437634d3d0
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/f3056ed99935d479091470127ad16f8be1912bb7
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/365
Exploit
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/413
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

Версия до 2.3.1.2 (исключая)

EPSS

Процентиль: 4%

0.00018

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-20

CWE-787

EPSS

Процентиль: 4%

0.00018

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-20

CWE-787