How severe is CVE-2026-21496?

CVE-2026-21496 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2026-21496

Name: iccdev
Author: color

5.5MEDIUM

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin

Published: 1/7/2026Updated: 1/9/2026

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.

AI AnalysisPowered by AI

Affected Products

coloriccdev

References

https://github.com/InternationalColorConsortium/iccDEV/commit/0e51ceb427925b7e22f0465547df7506d35cda1c
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/b5ad23aceece3789bdf1c47bae1ecf9d7bfcd26d
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/381
ExploitIssue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/405
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw
Third Party Advisory