CVE-2026-21496
NULL Pointer Dereference in iccDEV Signature Parser Before
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| internationalcolorconsortium | iccdev | to 2.3.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-252 | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
| CWE-690 | The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-21496 is a vulnerability in the iccDEV library where a NULL pointer dereference occurs in the function icGetSigVal() during the parsing of ICC profile XML data. Specifically, when the function processes malformed or unexpected tag signature strings, it may pass a null pointer to strlen(), causing a segmentation fault and crashing the application. This happens because of improper input validation and lack of null checks in the signature value retrieval function. [1, 3]
How can this vulnerability impact me? :
This vulnerability can cause the application using iccDEV to crash (denial of service) when processing specially crafted ICC profile XML files containing malformed tag signatures. It requires local attacker access with user interaction but no special privileges. The impact is on availability, as the crash interrupts normal operation, but it does not affect confidentiality or integrity. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the iccDEV tools, specifically the iccFromXml tool, with crafted ICC profile XML files containing malformed or empty <TagSignature> elements that trigger a null pointer dereference and cause the application to crash. Monitoring for crashes or segmentation faults (SEGV) in iccDEV processes when parsing ICC profile XML data is an indicator. There is no specific network detection command provided, but running the iccFromXml tool with a crafted malformed XML input as a test can reveal the vulnerability. For example, using a proof-of-concept XML snippet that includes invalid or empty <TagSignature> elements to trigger the crash can be used as a detection method. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade iccDEV to version 2.3.1.2 or later, where the issue has been fixed by adding proper null pointer checks in the icGetSigVal() function to prevent null pointer dereference. If upgrading is not immediately possible, avoid processing untrusted or malformed ICC profile XML files with vulnerable versions of iccDEV tools to prevent denial of service crashes. [2, 3, 4, 5]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a denial of service by crashing the application due to a null pointer dereference, impacting availability but not confidentiality or integrity. There is no information indicating that this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA. [3]