CVE-2026-21505

Опубликовано: 07 янв. 2026

Источник: nvd

CVSS3: 5.5

CVSS3: 7.8

EPSS Низкий

Описание

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.

Ссылки

https://github.com/InternationalColorConsortium/iccDEV/commit/3bbe2088b2796cf0aa4f7fa19f7ccd9ad1c7aba5
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/b1bb72fc3e9442ee1355aabae7314bb7d3fc9d41
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/361
Exploit
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/419
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j577-8285-qrf9
Third Party Advisory
https://github.com/InternationalColorConsortium/iccDEV/issues/361
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

Версия до 2.3.1.2 (исключая)

EPSS

Процентиль: 3%

0.00018

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

EPSS

Процентиль: 3%

0.00018

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo