CVE-2026-21504
Heap Buffer Overflow in iccDEV ToneMap Parser Prior to
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| internationalcolorconsortium | iccdev | to 2.3.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-21504 is a heap buffer overflow vulnerability in the iccDEV library's ToneMap parser, specifically in the function CIccMpeToneMap::Read(). The issue arises from improper handling of buffer boundaries when reading data into a heap-allocated buffer, causing the code to read beyond the allocated memory. This overflow can lead to crashes or potentially arbitrary code execution. The root cause was an incorrect loop increment variable that caused out-of-bounds memory access during tone map data processing. The vulnerability affects versions prior to 2.3.1.2 and has been fixed by correcting the loop increment to prevent the overflow. [2, 3, 6]
How can this vulnerability impact me? :
This vulnerability can lead to a denial of service by causing application crashes due to illegal memory access. It may also allow an attacker to execute arbitrary code, compromising system availability and potentially integrity and confidentiality to a lesser extent. Exploitation requires local access with user interaction but no special privileges. The impact includes low confidentiality and integrity loss but high availability impact. [3, 6]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing the processing of ICC profile files, especially those containing multi-process element tags that invoke the vulnerable CIccMpeToneMap::Read() function. Detection may involve using tools like AddressSanitizer to identify heap buffer overflows during ICC profile parsing. A practical approach is to test ICC profile files with verbose debugging tools such as `iccDumpProfile -v` on potentially malicious or crafted .icc files to observe crashes or illegal memory accesses indicative of the vulnerability. [6]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the iccDEV library to version 2.3.1.2 or later, where the heap buffer overflow in the ToneMap parser has been patched. No workarounds are provided, so applying the official patch or updating to the fixed version is necessary to prevent exploitation. [3]