Cyber Posture

CVE-2026-21677

Severity: High · Public PoC

Published: 06 January 2026
Modified: 12 January 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.4th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have undefined behavior in the CIccCLUT::Init function, which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent / recover

Directly mandates timely identification, reporting, and correction of software flaws such as the undefined behavior in iccDEV's CIccCLUT::Init, here by updating to version 2.3.1.1.

prevent

Requires validation of information inputs, here the contents of ICC profiles, so that a malformed profile that would trigger the undefined behavior is rejected before it is processed.

detect

Enables vulnerability scanning to identify systems using vulnerable iccDEV versions, supporting remediation before exploitation via malicious profiles.
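The input-validation control above is abstract; the following is an added example (not iccDEV's code, and not a reproduction of the reported bug, whose mechanism the page does not state) of the generic hazard in sizing a CLUT from untrusted profile bytes and of a checked alternative. It parses the 16 grid-point bytes and the precision byte of an ICC lutAToBType/lutBToAType CLUT element, computes the table size once without overflow checks and once with them, and runs both over two constructed headers. The byte-count cap, the function names and the sample headers are assumptions.

```cpp
// Added example, not iccDEV's code and not the reported bug: overflow-safe
// CLUT sizing as one instance of validating ICC profile input.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <optional>

// lutAToBType / lutBToAType CLUT element (ICC.1): 16 bytes of grid-point
// counts, one per input channel, then a precision byte (1 = uint8, 2 = uint16).
constexpr std::size_t kGridBytes = 16;

struct ClutParams {
    std::array<std::uint8_t, kGridBytes> grid{};
    std::uint8_t inputChannels = 0;   // taken from the enclosing lut tag
    std::uint8_t outputChannels = 0;  // likewise
    std::uint8_t bytesPerSample = 0;  // the precision byte
};

// Read the sizing fields from a 17-byte CLUT header; channel counts live in
// the surrounding tag, so the caller passes them in.
ClutParams parseClutHeader(const std::uint8_t* hdr, std::uint8_t inCh, std::uint8_t outCh) {
    ClutParams p;
    for (std::size_t i = 0; i < kGridBytes; ++i) p.grid[i] = hdr[i];
    p.bytesPerSample = hdr[kGridBytes];
    p.inputChannels = inCh;
    p.outputChannels = outCh;
    return p;
}

// Unchecked sizing: the product of grid counts wraps in 32 bits. Eight input
// channels of 16 grid points give 16^8 = 2^32, which wraps to 0, so a caller
// allocates nothing and every later CLUT access is out of bounds (undefined
// behaviour). With a signed accumulator the multiply itself would be UB.
std::uint32_t naiveClutEntries(const ClutParams& p) {
    std::uint32_t entries = 1;
    for (std::uint8_t i = 0; i < p.inputChannels; ++i) entries *= p.grid[i];
    return entries * p.outputChannels;
}

// Checked sizing: bounded channel counts, at least two grid points per
// dimension (a single point cannot be interpolated), overflow-checked
// multiplies, and a policy cap on total bytes (the cap value is an assumption).
constexpr std::uint64_t kMaxClutBytes = 64ull * 1024 * 1024;

static bool mulOverflows(std::uint64_t a, std::uint64_t b, std::uint64_t* out) {
    if (a != 0 && b > std::numeric_limits<std::uint64_t>::max() / a) return true;
    *out = a * b;
    return false;
}

std::optional<std::uint64_t> checkedClutBytes(const ClutParams& p) {
    if (p.inputChannels == 0 || p.inputChannels > kGridBytes) return std::nullopt;
    if (p.outputChannels == 0) return std::nullopt;
    if (p.bytesPerSample != 1 && p.bytesPerSample != 2) return std::nullopt;
    std::uint64_t entries = 1;
    for (std::uint8_t i = 0; i < p.inputChannels; ++i) {
        if (p.grid[i] < 2) return std::nullopt;
        if (mulOverflows(entries, p.grid[i], &entries)) return std::nullopt;
        if (entries > kMaxClutBytes) return std::nullopt;  // fail early, well before any wrap
    }
    std::uint64_t bytes = 0;
    if (mulOverflows(entries, p.outputChannels, &bytes)) return std::nullopt;
    if (mulOverflows(bytes, p.bytesPerSample, &bytes)) return std::nullopt;
    if (bytes > kMaxClutBytes) return std::nullopt;
    return bytes;
}

// Constructed sample headers, not taken from any real profile.
// Benign: RGB -> CMYK, 17 grid points per channel, 16-bit samples.
ClutParams benignClut() {
    static const std::uint8_t hdr[kGridBytes + 1] = {17, 17, 17, 0, 0, 0, 0, 0,
                                                    0, 0, 0, 0, 0, 0, 0, 0, 2};
    return parseClutHeader(hdr, 3, 4);
}
// Hostile: 8 input channels of 16 grid points each, 8-bit samples.
ClutParams hostileClut() {
    static const std::uint8_t hdr[kGridBytes + 1] = {16, 16, 16, 16, 16, 16, 16, 16,
                                                    0, 0, 0, 0, 0, 0, 0, 0, 1};
    return parseClutHeader(hdr, 8, 3);
}

int main() {
    std::printf("benign  naive_entries=%u checked_bytes=%llu\n",
                static_cast<unsigned>(naiveClutEntries(benignClut())),
                static_cast<unsigned long long>(checkedClutBytes(benignClut()).value_or(0)));
    std::printf("hostile naive_entries=%u checked=%s\n",
                static_cast<unsigned>(naiveClutEntries(hostileClut())),
                checkedClutBytes(hostileClut()) ? "accepted" : "rejected");
    return 0;
}
```

The early cap check inside the loop matters: it rejects oversized tables before the running product can get anywhere near the 64-bit limit, so the overflow check is a second line of defence rather than the only one.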

Security Summary (AI-generated)

CVE-2026-21677 affects iccDEV, a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and prior contain undefined behavior in the CIccCLUT::Init function, which initializes and sets the size of a color lookup table (CLUT). This vulnerability, linked to CWE-20 (Improper Input Validation) and CWE-758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity by tricking a user into processing a malicious ICC profile, such as via an application that handles color management files. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially enabling arbitrary code execution, data corruption, or denial of service on the affected system.

The GitHub security advisory (GHSA-95w5-jvqf-3994) and the related issue (#181) detail the fix in iccDEV version 2.3.1.1, implemented via commit 201125fbda22c8e4ea95800a6b427093fa4b8a22. Security practitioners should update to 2.3.1.1 or later and audit applications that use iccDEV to handle untrusted ICC profiles.
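The "update to 2.3.1.1 or later" advice and the vulnerability-scanning control earlier on the page both reduce to one check per host: is the installed iccDEV version below 2.3.1.1? The following added example (not part of the page or of the iccDEV project) does that triage over a constructed inventory. It shows the two pitfalls that make a plain string comparison wrong: a shorter version such as 2.3.1 must compare below 2.3.1.1, and components must compare numerically, not lexically. The inventory line format, host names and version strings are constructed for the example.

```cpp
// Added example, not from the page or the iccDEV project: numeric version
// triage against the fixed release named in the advisory.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <sstream>
#include <string>
#include <vector>

// Parse "2.3.1" or "v2.3.1.1" into numeric components. Any non-numeric part
// (e.g. "2.3.1-rc1") makes the version unparseable, and the caller flags it for
// manual review instead of silently treating it as fixed.
std::optional<std::vector<std::uint32_t>> parseVersion(std::string v) {
    if (!v.empty() && (v[0] == 'v' || v[0] == 'V')) v.erase(0, 1);
    std::vector<std::uint32_t> parts;
    std::stringstream ss(v);
    std::string piece;
    while (std::getline(ss, piece, '.')) {
        if (piece.empty() || piece.find_first_not_of("0123456789") != std::string::npos)
            return std::nullopt;
        parts.push_back(static_cast<std::uint32_t>(std::stoul(piece)));
    }
    if (parts.empty()) return std::nullopt;
    return parts;
}

// Component-wise compare; a missing trailing component counts as 0, so
// 2.3.1 < 2.3.1.1, and 2.10.0 > 2.3.1.1 (a string compare would sort
// "2.10.0" before "2.3.1.1" and wrongly call it vulnerable).
int compareVersions(const std::vector<std::uint32_t>& a, const std::vector<std::uint32_t>& b) {
    std::size_t n = std::max(a.size(), b.size());
    for (std::size_t i = 0; i < n; ++i) {
        std::uint32_t x = i < a.size() ? a[i] : 0;
        std::uint32_t y = i < b.size() ? b[i] : 0;
        if (x != y) return x < y ? -1 : 1;
    }
    return 0;
}

const std::string kFixedVersion = "2.3.1.1";  // fixed release per the advisory

// true = vulnerable, false = fixed, nullopt = unparseable (manual review)
std::optional<bool> iccDevVulnerable(const std::string& version) {
    auto v = parseVersion(version);
    auto fixed = parseVersion(kFixedVersion);
    if (!v || !fixed) return std::nullopt;
    return compareVersions(*v, *fixed) < 0;
}

// Inventory lines of the assumed form "<host> <package> <version>".
struct Finding { std::string host; std::string version; std::string status; };

std::vector<Finding> triage(const std::vector<std::string>& inventory) {
    std::vector<Finding> out;
    for (const auto& line : inventory) {
        std::istringstream in(line);
        std::string host, pkg, ver;
        if (!(in >> host >> pkg >> ver) || pkg != "iccdev") continue;  // other packages ignored
        auto r = iccDevVulnerable(ver);
        std::string status = !r ? "review" : (*r ? "vulnerable" : "fixed");
        out.push_back({host, ver, status});
    }
    return out;
}

// Constructed inventory; hosts and versions are illustrative only.
const std::vector<std::string> kSampleInventory = {
    "build-01 iccdev 2.3.1",
    "build-02 iccdev 2.3.1.1",
    "ci-runner iccdev v2.3.0.2",
    "legacy iccdev 2.10.0",
    "desk-07 iccdev 2.3.1-rc1",
    "desk-08 libpng 1.6.40",
};

int main() {
    for (const auto& f : triage(kSampleInventory))
        std::printf("%-10s %-10s %s\n", f.host.c_str(), f.version.c_str(), f.status.c_str());
    return 0;
}
```

Unparseable versions are reported as "review" rather than dropped, because a scanner that silently skips what it cannot parse under-reports exactly the odd builds (pre-release tags, vendor suffixes) most likely to be stale.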

Details

CWE(s)

CWE-20 Improper Input Validation
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Affected Products

color
iccdev
< 2.3.1.1 (versions 2.3.1 and below; 2.3.1.1 is the fixed release named in the description)

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability allows remote attackers to exploit a client-side library flaw in iccDEV by tricking users into processing malicious ICC profiles, enabling arbitrary code execution which directly maps to Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
