Description
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
Published: 2026-01-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

iccDEV provides libraries for manipulating ICC color profiles. Versions prior to 2.3.1.2 contain a NULL pointer member call that can be triggered when processing ICC profiles, causing the application to crash. The vulnerability does not provide arbitrary code execution or privilege escalation; its primary impact is a denial of service by terminating the process that handles the profile.

Affected Systems

The affected product is iccDEV from the International Color Consortium, specifically library versions older than 2.3.1.2. Users who utilize these libraries to process ICC color profiles are impacted. The patch that mitigates the issue is included in release 2.3.1.2.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score is below 1% and the vulnerability is not listed in the National Cyber Awareness System KEV catalog, suggesting a low likelihood of widespread exploitation. An attacker would need local access to an application that processes ICC profiles; neither network exposure nor elevated privileges are required. The vulnerability primarily disrupts availability rather than confidentiality or integrity.

Generated by OpenCVE AI on April 18, 2026 at 08:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to iccDEV 2.3.1.2, or apply its patch, in all deployments of the library.
  • If an immediate upgrade is not feasible, ensure that ICC profiles are sourced only from trusted inputs and validate profile data before processing.
  • Monitor application logs for segmentation faults or crashes related to iccDEV and apply the patch as soon as possible.


Advisories

No advisories yet.

History

Mon, 12 Jan 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Color; Color iccdev |
| CPEs | | cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:* |
| Vendors & Products | | Color; Color iccdev |

Wed, 07 Jan 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 07 Jan 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Internationalcolorconsortium; Internationalcolorconsortium iccdev |
| Vendors & Products | | Internationalcolorconsortium; Internationalcolorconsortium iccdev |

Tue, 06 Jan 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. |
| Title | | iccDEV ToneMap Writer has NULL Pointer Member Call |
| Weaknesses | | CWE-252; CWE-476 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-07T18:32:12.490Z

Reserved: 2025-12-29T14:34:16.006Z

Link: CVE-2026-21492

Vulnrichment

Updated: 2026-01-07T18:31:58.270Z

NVD

Status: Analyzed

Published: 2026-01-06T21:15:43.863

Modified: 2026-01-12T18:30:54.893

Link: CVE-2026-21492

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:15:15Z
