iccDEV is Vulnerable to Denial of Service via Infinite Loop...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.

Basic Information

ID CVE-2026-21507

Source GitHub_M

Published Jan 6, 2026 at 00:11

Affected Product

Vendor InternationalColorConsortium

Product iccDEV

Version < 2.3.1.1

Affected Versions InternationalColorConsortium iccDEV < 2.3.1.1

CWE Classification

CWE-835

References

{
    "lastseen": "",
    "description": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.",
    "published": "2026-01-06T00:11:25.603Z",
    "modified": "2026-01-06T00:11:25.603Z",
    "type": "cve",
    "title": "iccDEV is Vulnerable to Denial of Service via Infinite Loop in CalcProfileID()",
    "source": "GitHub_M",
    "references": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj\nhttps://github.com/InternationalColorConsortium/iccDEV/issues/244\nhttps://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198",
    "id": "CVE-2026-21507",
    "bulletinFamily": "",
    "cwe": [
        "CWE-835"
    ],
    "cvelist": null,
    "sourceData": "InternationalColorConsortium iccDEV < 2.3.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iccDEV",
    "version": "< 2.3.1.1",
    "vendor": "InternationalColorConsortium",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

iccDEV is Vulnerable to Denial of Service via Infinite Loop in CalcProfileID()_CVE-2026-21507