How severe is CVE-2026-21490?

CVE-2026-21490 has a CVSS v3 score of 6.1 (MEDIUM).

CVE-2026-21490

Name: iccdev
Author: color

6.1MEDIUM

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in

公開日: 1/6/2026更新日: 1/12/2026

説明

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut16::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.

AI分析AIによる分析

影響を受ける製品

coloriccdev

参照

https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3
Patch
https://github.com/InternationalColorConsortium/iccDEV/commit/e91fe722ac54ce497d410153e7405090e0565d7b
Patch
https://github.com/InternationalColorConsortium/iccDEV/issues/397
Issue TrackingExploitVendor Advisory
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9q9c-699q-xr2q
PatchVendor Advisory