Security Vulnerability Report
中文
CVE-2026-21502 CVSS 5.5 MEDIUM

CVE-2026-21502

Published: 2026-01-07 18:15:54
Last Modified: 2026-01-09 21:33:59
Source: [email protected]

Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:* - VULNERABLE
iccDEV < 2.3.1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* * CVE-2026-21502 PoC - NULL Pointer Dereference in iccDEV XML Parser * This PoC demonstrates the vulnerability in iccDEV versions < 2.3.1.2 * * Note: This is a simplified demonstration of the vulnerability concept. * The actual exploit requires crafting a malicious ICC profile with specific * XML tags that trigger the NULL pointer dereference. */ #include <stdio.h> #include <stdlib.h> #include <string.h> // Simulated XML tag structure that triggers the vulnerability typedef struct { char* tag_name; char* attribute; char* value; } XMLTag; // Vulnerable function - simulates iccDEV XML parser behavior void parse_xml_tag(XMLTag* tag) { char* ptr = NULL; // Simulates uninitialized pointer // Vulnerability: Direct dereference without NULL check // In real iccDEV, this occurs when parsing specific XML tags printf("Processing tag: %s\n", tag->tag_name); // This simulates the vulnerable code path if (tag->attribute != NULL && strlen(tag->attribute) > 0) { ptr = (char*)malloc(10); // Allocate memory free(ptr); // Free the memory // Now ptr is NULL, but code continues without check } // Simulating NULL pointer dereference // In real vulnerability, this happens when accessing freed/null objects printf("Attribute value: %s\n", ptr); // NULL dereference here } int main() { printf("CVE-2026-21502 PoC - iccDEV NULL Pointer Dereference\n"); printf("===================================================\n\n"); XMLTag malicious_tag = { .tag_name = "ProfileDescriptionTag", .attribute = "localizedString", .value = "malicious_value" }; printf("Attempting to parse malicious ICC profile XML tag...\n"); parse_xml_tag(&malicious_tag); return 0; } /* * To exploit this vulnerability: * 1. Create a malicious ICC profile file * 2. Insert specially crafted XML tags that trigger NULL pointer dereference * 3. Use tools like iccMAX or iccJSON to process the file * 4. The parser will crash when encountering the malformed XML * * Real-world exploit would require: * - Understanding iccDEV's specific XML parsing implementation * - Crafting ICC profile with specific tag structures * - Triggering the vulnerable code path through normal application usage */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21502", "sourceIdentifier": "[email protected]", "published": "2026-01-07T18:15:54.247", "lastModified": "2026-01-09T21:33:58.750", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas que permiten la interacción, manipulación y aplicación de perfiles de gestión de color ICC. Antes de la versión 2.3.1.2, iccDEV es vulnerable a la desreferencia de puntero nulo a través del analizador de etiquetas XML. Este problema ha sido parcheado en la versión 2.3.1.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-476"}, {"lang": "en", "value": "CWE-690"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.1.2", "matchCriteriaId": "D34CF745-E75A-4F1C-AD7B-9AC1A2E9F680"}]}]}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/d04c236775e89a029f93efcc242fdb1fbc245a1c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/d9e42a1fb2606e25e498eb94f34f6da89f522e35", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/368", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/407", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-67r8-q3mh-42j6", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.