CVE-2026-21485 · HIGH 8.8 · EPSS p22.3%

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.31% probability of exploitation · percentile 22.3% · 2026-06-18T12:00:27Z
Published: 2026-01-06
Last modified: 2026-01-14

Underlying weaknesses · 7

CWE-20 · CWE-125 · CWE-190 · CWE-400 · CWE-476 · CWE-787 · CWE-1284

References

  1. https://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df
  2. https://github.com/InternationalColorConsortium/iccDEV/issues/340
  3. https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432

Type      Target                                                          Confidence  Tier
Weakness  Out-of-bounds Read (cwe-125)                                    0%          live
Weakness  Improper Validation of Specified Quantity in Input (cwe-1284)   0%          live
Weakness  Integer Overflow or Wraparound (cwe-190)                        0%          live
Weakness  Improper Input Validation (cwe-20)                              0%          live
Weakness  Uncontrolled Resource Consumption (cwe-400)                     0%          live
Weakness  NULL Pointer Dereference (cwe-476)                              0%          live
Weakness  Out-of-bounds Write (cwe-787)                                   0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-21676
  2. CVE-2026-21677
  3. CVE-2026-22255
  4. CVE-2026-21682
  5. CVE-2026-24410
  6. CVE-2026-21679

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.