iccDEV Undefined Behavior (UB) and Out of Memory in CIccProfile::LoadTag()

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.

AI Analysis

Undefined Behavior (UB) and Out of Memory errors in iccDEV versions 2.3.1.1 and below

Basic Information

ID CVE-2026-21485

Source GitHub_M

Published Jan 6, 2026 at 03:17

Affected Product

Vendor InternationalColorConsortium

Product iccDEV

Version < 2.3.1.2

Affected Versions InternationalColorConsortium iccDEV < 2.3.1.2

CWE Classification

CWE-20 CWE-125 CWE-190 CWE-400 CWE-476 CWE-787 CWE-1284

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor InternationalColorConsortium

Product iccDEV

Version 2.3.1.1 and below

References

{
    "lastseen": "",
    "description": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.",
    "published": "2026-01-06T03:17:47.555Z",
    "modified": "2026-01-06T03:17:47.555Z",
    "type": "cve",
    "title": "iccDEV Undefined Behavior (UB) and Out of Memory in CIccProfile::LoadTag()",
    "source": "GitHub_M",
    "references": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432\nhttps://github.com/InternationalColorConsortium/iccDEV/issues/340\nhttps://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df",
    "id": "CVE-2026-21485",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-125",
        "CWE-190",
        "CWE-400",
        "CWE-476",
        "CWE-787",
        "CWE-1284"
    ],
    "cvelist": null,
    "sourceData": "InternationalColorConsortium iccDEV < 2.3.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iccDEV",
    "version": "< 2.3.1.2",
    "vendor": "InternationalColorConsortium",
    "ai_description": "Undefined Behavior (UB) and Out of Memory errors in iccDEV versions 2.3.1.1 and below",
    "ai_severity": "High",
    "ai_vendor": "InternationalColorConsortium",
    "ai_product": "iccDEV",
    "ai_version": "2.3.1.1 and below",
    "ai_score": 8.8
}

iccDEV Undefined Behavior (UB) and Out of Memory in CIccProfile::LoadTag()_CVE-2026-21485