CVE-2026-21487
Out-of-Bounds Read in iccDEV CIccProfile::LoadTag Function
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| internationalcolorconsortium | iccdev | up to 2.3.1.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-823 | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in iccDEV versions 2.3.1.1 and below involves improper input validation in the CIccProfile::LoadTag function. Specifically, the function fails to properly validate ICC profile tag sizes and offsets, leading to out-of-bounds reads and use of out-of-range pointer offsets. This means the software might read memory outside the intended buffer, potentially causing crashes or other unexpected behavior. The issue was fixed by adding checks to ensure tag offsets and sizes are within valid boundaries before processing. [1, 2]
How can this vulnerability impact me?
An attacker with local access and no privileges can exploit this vulnerability with low complexity, but user interaction is required. Exploitation can lead to denial of service by causing the application to crash or become unavailable due to out-of-bounds memory reads. The impact on confidentiality is low and there is no impact on integrity, but availability is highly impacted. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to improper input validation and out-of-bounds reads in the iccDEV library when processing ICC color profiles. Detection involves identifying usage of vulnerable iccDEV versions (2.3.1.1 and below) and analyzing ICC profile files for malformed tags that trigger the issue. Since the vulnerability is local and requires user interaction, network detection is limited. The resources provide no specific detection commands; checking the installed iccDEV version and scanning for ICC profile files processed by the vulnerable library could help.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the iccDEV library to version 2.3.1.2 or later, where the vulnerability is fixed by enhanced validation of ICC profile tag sizes in the CIccProfile::LoadTag function. This update prevents out-of-bounds reads and improper input validation by verifying tag offsets and sizes against the ICC profile header and file length. No workarounds are provided, so upgrading is the recommended action. [2, 1]
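The bounds check described above, sketched as a triage script for ICC files (an added example, not iccDEV's code or its patch). It assumes the standard ICC layout: a 128-byte header whose first four bytes are the big-endian profile size, followed by a tag count and 12-byte tag entries. `check_icc_tags`, `build_profile`, `GOOD` and `BAD` are names made up here, and the sample profiles are constructed.

```python
import struct

HEADER_LEN = 128   # fixed ICC header size
ENTRY_LEN = 12     # tag table entry: signature, offset, size (uint32 big-endian each)

def check_icc_tags(data: bytes) -> list[str]:
    """Return findings for tag-table entries that point outside the profile."""
    if len(data) < HEADER_LEN + 4:
        return ["file too short for ICC header and tag count"]
    findings = []
    declared = struct.unpack_from(">I", data, 0)[0]    # profile size from the header
    if declared > len(data):
        findings.append(f"header size {declared} exceeds file length {len(data)}")
    limit = min(declared, len(data))                   # bytes that really back the profile
    count = struct.unpack_from(">I", data, HEADER_LEN)[0]
    table_end = HEADER_LEN + 4 + count * ENTRY_LEN
    if table_end > limit:                              # also stops huge bogus tag counts
        findings.append(f"tag table ({count} entries) runs past byte {limit}")
        return findings
    for i in range(count):
        entry_at = HEADER_LEN + 4 + i * ENTRY_LEN
        sig, off, size = struct.unpack_from(">4sII", data, entry_at)
        name = sig.decode("ascii", "replace")
        # Python ints do not wrap, so off + size is safe to compare directly;
        # 32-bit arithmetic in C/C++ would need an overflow-safe form.
        if off + size > limit:
            findings.append(f"tag {name!r}: offset {off} + size {size} exceeds {limit}")
    return findings

def build_profile(tags, body_len=64):
    """Constructed sample: minimal header, tag table and zero-filled body."""
    table = struct.pack(">I", len(tags))
    table += b"".join(struct.pack(">4sII", *t) for t in tags)
    total = HEADER_LEN + len(table) + body_len
    header = struct.pack(">I", total) + b"\0" * 32 + b"acsp" + b"\0" * (HEADER_LEN - 40)
    return header + table + b"\0" * body_len

GOOD = build_profile([(b"desc", 144, 32)])            # tag data inside the file
BAD = build_profile([(b"desc", 144, 0xFFFFFF00)])     # size far beyond the file

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                          # e.g. *.icc / *.icm files
        with open(path, "rb") as fh:
            for finding in check_icc_tags(fh.read()):
                print(f"{path}: {finding}")
```

A clean result only means the tag table is in range; it does not replace upgrading to 2.3.1.2 or later.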