CRITICAL🇵🇱 Wersja polska

CVE-2026-21675

CVSS 9.8v3.1pub. 2026-01-06upd. 2026-01-12

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1.

🤖 AI Analysis
How it works

The vulnerability lies in the fact that the CIccXform::Create() function deallocates (frees) the hint object, after which it is possible to reference the already freed memory area (use-after-free). This is a classic memory management error classified as CWE-416. An attacker can provide a crafted ICC profile that calls this function in a way that allows control over the freed memory area.

Impact

Successful exploitation of this vulnerability may lead to arbitrary code execution (RCE) in the context of an application using the library, as well as disclosure of sensitive data or system instability (denial of service). The full CVSS vector indicates the possibility of violations of confidentiality, integrity, and availability.

Mitigation & patch

iccDEV should be updated to version 2.3.1.1, in which the issue has been fixed. The patch is available in the project repository on GitHub (commit 510baf58fa48e00ebbb5dd577f0db4af8876bb31).

Who is affected

iccDEV in versions 2.3.1 and earlier (libraries and tools for handling ICC profiles compliant with the International Color Consortium standard).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Color Iccdev

    APP
    Color
    < 2.3.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-30985HIGH7.8ten sam produkt

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5,...

CVE-2026-30979HIGH7.8ten sam produkt

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5,...

CVE-2026-30978HIGH7.8ten sam produkt

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5,...

CVE-2026-30983HIGH7.8ten sam produkt

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5,...

CVE-2026-30987HIGH7.8ten sam produkt

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5,...