Vulnerability Details CVE-2026-21503
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.4%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/InternationalColorConsortium/iccDEV/commit/55259a6395c4f6124b5d0e38469c77412926bd3d
- https://github.com/InternationalColorConsortium/iccDEV/issues/367
- https://github.com/InternationalColorConsortium/iccDEV/pull/417
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h554-qrfh-53gx