CVE-2026-21673
Integer Overflow in iccDEV Library's ICC Profile Parsing
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| internationalcolorconsortium | iccdev | to 2.3.1.2 (exc) |
| internationalcolorconsortium | iccdev | 2.3.1.1 |
| internationalcolorconsortium | iccdev | 2.3.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-681 | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |
| CWE-704 | The product does not correctly convert an object, resource, or structure from one type to a different type. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the iccDEV library occurs in the function CIccXmlArrayType::ParseTextCountNum(), where improper handling of numeric input parsing leads to integer overflows and underflows. Specifically, out-of-range values, NaNs, or extremely large or negative numbers are incorrectly converted or cast to typed buffers, causing undefined behavior such as crashes or denial of service. The issue arises from failing to clip or validate numeric values before assignment, which can cause runtime errors when processing ICC color profiles. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to crashes or denial of service (DoS) when processing malicious ICC color profiles using the iccDEV library. It poses high risks to confidentiality, integrity, and availability by potentially allowing unauthorized data access, modification, or service disruption. Exploitation requires local access with low complexity and user interaction, affecting users who process ICC color profiles with vulnerable versions of iccDEV. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the processing of ICC color profiles using the iccDEV library, especially looking for crashes or denial of service conditions caused by out-of-range numeric values or NaNs during parsing. Since the issue was discovered through fuzz testing that triggered runtime errors with out-of-range values, one approach is to run fuzz tests or use UndefinedBehaviorSanitizer (UBSan) on the iccDEV library when processing ICC profiles. Specific commands are not provided in the resources, but using UBSan-enabled builds and fuzzing tools on the function CIccXmlArrayType::ParseTextCountNum() or the IccFromXML function could help detect the issue. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the iccDEV library to version 2.3.1.1 or later, where the issue has been fixed by introducing safe clipping of numeric input values in the parsing function CIccXmlArrayType::ParseTextCountNum(). There are no known workarounds, so applying the patch or updating to the fixed version is necessary to prevent crashes or denial of service caused by this vulnerability. [1, 3]