{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-21485","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-12-29T14:34:16.005Z","datePublished":"2026-01-06T03:17:47.555Z","dateUpdated":"2026-01-06T18:56:40.921Z"},"containers":{"cna":{"title":"iccDEV Undefined Behavior (UB) and Out of Memory in CIccProfile::LoadTag()","problemTypes":[{"descriptions":[{"cweId":"CWE-20","lang":"en","description":"CWE-20: Improper Input Validation","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-125","lang":"en","description":"CWE-125: Out-of-bounds Read","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-190","lang":"en","description":"CWE-190: Integer Overflow or Wraparound","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-400","lang":"en","description":"CWE-400: Uncontrolled Resource Consumption","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-476","lang":"en","description":"CWE-476: NULL Pointer Dereference","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-787","lang":"en","description":"CWE-787: Out-of-bounds Write","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-1284","lang":"en","description":"CWE-1284: Improper Validation of Specified Quantity in Input","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432","tags":["x_refsource_CONFIRM"],"url":"https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432"},{"name":"https://github.com/InternationalColorConsortium/iccDEV/issues/340","tags":["x_refsource_MISC"],"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/340"},{"name":"https://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df","tags":["x_refsource_MISC"],"url":"https://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df"}],"affected":[{"vendor":"InternationalColorConsortium","product":"iccDEV","versions":[{"version":"< 2.3.1.2","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-01-06T03:17:47.555Z"},"descriptions":[{"lang":"en","value":"iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2."}],"source":{"advisory":"GHSA-chp2-4gv5-2432","discovery":"UNKNOWN"}},"adp":[{"references":[{"url":"https://github.com/InternationalColorConsortium/iccDEV/issues/340","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-06T14:19:28.336971Z","id":"CVE-2026-21485","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-06T18:56:40.921Z"}}]}}