How severe is CVE-2026-21502?

CVE-2026-21502 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2026-21502

Name: iccdev
Author: color

5.5MEDIUM

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin

Publicado: 1/7/2026Actualizado: 1/9/2026

Descripción

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.

Análisis IAImpulsado por IA

Productos Afectados

coloriccdev

Referencias

https://github.com/InternationalColorConsortium/iccDEV/commit/d04c236775e89a029f93efcc242fdb1fbc245a1c
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/d9e42a1fb2606e25e498eb94f34f6da89f522e35
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/368
ExploitIssue Tracking
https://github.com/InternationalColorConsortium/iccDEV/pull/407
Issue Tracking
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-67r8-q3mh-42j6
Third Party Advisory