Security Vulnerability Report
中文
CVE-2026-21498 CVSS 5.5 MEDIUM

CVE-2026-21498

Published: 2026-01-07 18:15:54
Last Modified: 2026-01-09 21:59:55
Source: [email protected]

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:* - VULNERABLE
iccDEV < 2.3.1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* * CVE-2026-21498 PoC - iccDEV XML Parser NULL Pointer Dereference * This PoC demonstrates the NULL pointer dereference vulnerability in iccDEV's XML calculator parser. * The vulnerability exists in versions prior to 2.3.1.2 * * Usage: Compile with iccDEV library and run with malicious ICC profile * gcc -o poc poc.c -liccDEV */ #include <stdio.h> #include <stdlib.h> #include <string.h> /* Simulated vulnerable XML parsing function */ typedef struct { char* tag_name; char* attribute; void* next_element; } XMLElement; /* Vulnerable function that doesn't check for NULL */ void parse_xml_element(XMLElement* elem) { /* This function attempts to access elem->next_element without NULL check */ /* In vulnerable version, if XML structure is malformed, next_element remains NULL */ printf("Parsing element: %s\n", elem->tag_name); /* VULNERABLE CODE: Direct access without NULL check */ if (strcmp(elem->tag_name, "calculator") == 0) { /* This will cause NULL pointer dereference if next_element is NULL */ XMLElement* next = (XMLElement*)elem->next_element; printf("Attribute: %s\n", next->attribute); /* CRASH HERE if next is NULL */ } } /* Create malicious XML structure to trigger vulnerability */ XMLElement* create_malicious_profile() { XMLElement* root = (XMLElement*)malloc(sizeof(XMLElement)); if (!root) return NULL; root->tag_name = strdup("calculator"); root->attribute = strdup("malicious_data"); /* VULNERABILITY: next_element is NULL, not initialized */ root->next_element = NULL; /* This NULL causes the crash */ return root; } int main(int argc, char* argv[]) { printf("[*] CVE-2026-21498 PoC - iccDEV NULL Pointer Dereference\n"); printf("[*] Target: iccDEV < 2.3.1.2\n"); XMLElement* malicious_profile = create_malicious_profile(); printf("[*] Triggering vulnerability...\n"); parse_xml_element(malicious_profile); /* Will crash here */ /* Cleanup */ free(malicious_profile->tag_name); free(malicious_profile->attribute); free(malicious_profile); return 0; } /* * REAL WORLD EXPLOITATION: * 1. Attacker creates a malicious ICC profile with malformed XML metadata * 2. Attacker tricks user into opening the profile with vulnerable application * 3. Application crashes due to NULL pointer dereference * 4. Result: Denial of Service */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21498", "sourceIdentifier": "[email protected]", "published": "2026-01-07T18:15:53.640", "lastModified": "2026-01-09T21:59:54.633", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas que permiten la interacción, manipulación y aplicación de perfiles de gestión de color ICC. Antes de la versión 2.3.1.2, iccDEV es vulnerable a la desreferencia de puntero NULL a través del analizador de calculadora XML. Este problema ha sido parcheado en la versión 2.3.1.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-476"}, {"lang": "en", "value": "CWE-690"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.1.2", "matchCriteriaId": "D34CF745-E75A-4F1C-AD7B-9AC1A2E9F680"}]}]}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/75f124f40ba45491211cb4b67f0e05b7c7d59553", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/bdfa31940726aaabb0a6f19194d9062ba0598959", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/375", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/404", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6822-qvxq-m736", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.