CVE-2026-21684
- Source
- https://cve.org/CVERecord?id=CVE-2026-21684
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21684.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-21684
- Aliases
-
- GHSA-fg9m-j9x8-8279
- Published
- 2026-01-07T21:18:31.527Z
- Modified
- 2026-03-01T02:56:02.327711Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVSS Calculator
- Summary
- iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()
- Details
-
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in
CIccTagSpectralViewingConditions(). This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-20", "CWE-758" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21684.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21684.json
- https://github.com/InternationalColorConsortium/iccDEV/issues/216
- https://github.com/InternationalColorConsortium/iccDEV/pull/225
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279
- https://nvd.nist.gov/vuln/detail/CVE-2026-21684