exploitDog

CVE-2026-21684

Опубликовано: 07 янв. 2026

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions(). This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Ссылки

https://github.com/InternationalColorConsortium/iccDEV/issues/216
Issue Tracking
Exploit
Vendor Advisory
https://github.com/InternationalColorConsortium/iccDEV/pull/225
Issue Tracking
Patch
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*

Версия до 2.3.1.1 (исключая)

EPSS

Процентиль: 28%

0.00101

Низкий

7.1 High

CVSS3

Дефекты

CWE-20

EPSS

Процентиль: 28%

0.00101

Низкий

7.1 High

CVSS3

Дефекты

CWE-20