CVE

CVE-2026-21682

iccDEV has heap-buffer-overflow in CIccXmlArrayType::ParseText()

CVE

CVE-2026-21682

iccDEV has heap-buffer-overflow in CIccXmlArrayType::ParseText()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in CIccXmlArrayType::ParseText(). This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

8.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/21xxx/CVE-2026-21682.json, https://github.com/InternationalColorConsortium/iccDEV/issues/178, https://github.com/InternationalColorConsortium/iccDEV/pull/229, https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-jq9m-54gr-c56c, https://nvd.nist.gov/vuln/detail/CVE-2026-21682

Severity

8.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

8.8

EPSS Probability

0.001%

EPSS Percentile

0.28372%

Introduced Version

Fix Available

ad159eb00bf46fa17496a0f8c4cb49de8918062c

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-21682

CVE-2026-21682

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

8.8

Basic Information

Fix Critical Vulnerabilities Instantly