iccDEV has Type Confusion during XML Curve Serialization_CVE-2026-21493

6.6 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.

Basic Information

ID CVE-2026-21493

Source GitHub_M

Published Jan 6, 2026 at 14:11

Affected Product

Vendor InternationalColorConsortium

Product iccDEV

Version < 2.3.1.2

Affected Versions InternationalColorConsortium iccDEV < 2.3.1.2

CWE Classification

CWE-188 CWE-703 CWE-843

References

{
    "lastseen": "",
    "description": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.",
    "published": "2026-01-06T14:11:27.054Z",
    "modified": "2026-01-06T14:11:27.054Z",
    "type": "cve",
    "title": "iccDEV has Type Confusion during XML Curve Serialization",
    "source": "GitHub_M",
    "references": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx\nhttps://github.com/InternationalColorConsortium/iccDEV/issues/358\nhttps://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f",
    "id": "CVE-2026-21493",
    "bulletinFamily": "",
    "cwe": [
        "CWE-188",
        "CWE-703",
        "CWE-843"
    ],
    "cvelist": null,
    "sourceData": "InternationalColorConsortium iccDEV < 2.3.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iccDEV",
    "version": "< 2.3.1.2",
    "vendor": "InternationalColorConsortium",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}