CVE-2026-21495
Unknown Unknown - Not Provided
Division by Zero in iccDEV TIFF Reader Causes Crash

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: GitHub, Inc.

Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-21495
EUVD
EUVD-2026-1411
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
internationalcolorconsortium iccdev to 2.3.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-369 The product divides a value by zero.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a division by zero flaw in the iccDEV library's TIFF image reader component. It occurs because the software does not properly validate certain TIFF image parameters, such as the number of rows per strip, samples per pixel, or bits per sample. If any of these values are zero, the program attempts a division by zero operation, which can cause the software to crash or behave unexpectedly. This issue affects versions of iccDEV prior to 2.3.1.2 and has been fixed by adding checks to validate these parameters and prevent processing invalid TIFF files. [1, 2]

Impact Analysis

Exploitation of this vulnerability can lead to a denial of service condition by causing the iccDEV TIFF image reader to crash or become unavailable. The impact is on availability only, with no effect on confidentiality or integrity. An attacker with local access and the ability to provide a specially crafted TIFF image can trigger this issue, causing the affected software to fail. [2]

Detection Guidance

This vulnerability can be detected by checking if your system is running a version of iccDEV prior to 2.3.1.2, as those versions are vulnerable to a division by zero error in the TIFF image reader. Since the issue arises from processing malformed TIFF files, monitoring for crashes or denial of service events related to TIFF image handling in iccDEV could indicate exploitation attempts. There are no specific commands provided in the resources to detect the vulnerability directly, but you can verify the iccDEV version installed using typical package or build version commands, for example: `iccdev --version` or checking the installed package version via your package manager. Additionally, reviewing logs for crashes related to TIFF image processing may help detect exploitation. [2, 1]

Mitigation Strategies

The immediate mitigation step is to upgrade iccDEV to version 2.3.1.2 or later, where the vulnerability has been patched. This update includes validation of critical TIFF parameters to prevent division by zero errors and improves error handling to avoid crashes. No workarounds are provided, so applying the patch or upgrading to the fixed version is necessary to mitigate the vulnerability. [2, 1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21495. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart