How severe is CVE-2026-21501?

CVE-2026-21501 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2026-21501

Name: iccdev
Author: color

5.5MEDIUM

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack ove

Publicado: 1/7/2026Actualizado: 1/9/2026

Descripción

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

Análisis IAImpulsado por IA

Productos Afectados

coloriccdev

Referencias

https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccProfLib/IccMpeCalc.cpp#L4588
Product
https://github.com/InternationalColorConsortium/iccDEV/commit/798be59011649a26a529600cc3cd56437634d3d0
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/f3056ed99935d479091470127ad16f8be1912bb7
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/365
ExploitIssue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/413
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w
Third Party Advisory