Cyber Posture

CVE-2026-21486

Severity: High

Published: 06 January 2026
Modified: 12 January 2026
KEV Added: not listed
Patch: available (iccDEV 2.3.1.2)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (percentile 7.2)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-21486 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in iccDEV (CPE vendor color, product iccdev), the ICC color-management profile library. The same report also covers use-after-free, integer overflow or wraparound, and out-of-bounds write conditions in the same constructor. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at percentile 7.2 for exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Requires timely identification, reporting, and correction of flaws like CVE-2026-21486. Here that means upgrading iccDEV to the patched version 2.3.1.2, and rebuilding or redeploying any application that statically links the library, since a package upgrade alone does not reach those copies.

SI-16 Memory Protection (prevent)

Implements memory protection mechanisms such as ASLR, DEP/NX, and stack canaries. These do not remove the use-after-free, heap buffer overflow, integer overflow, and out-of-bounds write in the CIccSparseMatrix constructor; they raise the cost of turning those primitives into code execution, and stack canaries in particular do nothing for heap-based corruption. ASLR only protects binaries built as position-independent executables, so verify that the tools and applications consuming iccDEV are built with PIE, NX, and RELRO enabled.

SI-10 Information Input Validation (prevent)

Enforces input validation and bounds checking on ICC profiles before they reach the parser: only accept profiles from trusted sources, and validate declared sizes, counts, and indices against the actual file length so malformed inputs cannot trigger the memory corruption in iccDEV.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why this technique?

Memory corruption in a client-side ICC profile processing library directly enables client-side exploitation for code execution when a user opens or processes a malicious ICC profile.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function. This issue is fixed in version 2.3.1.2.

Deeper analysis

CVE-2026-21486 affects iccDEV, a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and prior contain multiple vulnerabilities in the CIccSparseMatrix::CIccSparseMatrix function, including Use After Free (CWE-416), Heap-based Buffer Overflow (CWE-122), Integer Overflow or Wraparound (CWE-190), and Out-of-bounds Write (CWE-787). These flaws were published on 2026-01-06 and assigned a CVSS v3.1 base score of 7.8.

Per the CVSS vector (AV:L, AC:L, PR:N, UI:R), exploitation needs no privileges and has low complexity but requires user interaction: a user must be induced to process a malicious ICC profile with iccDEV or with software that embeds it. Successful exploitation has high impact on confidentiality, integrity, and availability: arbitrary code execution in the context of the processing application, data tampering, or crashes resulting from the memory corruption primitives.

The vulnerabilities are fixed in iccDEV version 2.3.1.2. Security practitioners should upgrade to this version, as detailed in the GitHub security advisory (GHSA-mg98-j5q2-674w) and the fixing commit (1ab7363f38a20089934d3410c88f714eea392bf5).
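The following C++ example is added here and is not code from iccDEV, the advisory, or the fixing commit. It illustrates the bug class the NVD entry describes (an integer wraparound in a size computation that feeds a heap allocation, after which every write lands outside the block) next to the bounds-checked parsing that the input validation control listed above calls for. The blob layout, the function names (unsafe_cell_bytes, parse_sparse_matrix, make_blob, header_only, parse_status, parsed_cell), and the 64 MiB size cap are assumptions constructed for this example; they do not reproduce iccDEV's CIccSparseMatrix encoding.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <utility>
#include <vector>

// Hypothetical blob layout, constructed for this example (not iccDEV's encoding):
//   [u32 rows][u32 cols][u32 nnz] then nnz entries of [u32 row][u32 col][f32 value]
// Fields are read in host byte order for brevity; real ICC data is big-endian.
static constexpr size_t kHeaderBytes = 12;
static constexpr size_t kEntryBytes  = 12;

static uint32_t rd32(const uint8_t* p) { uint32_t v; std::memcpy(&v, p, 4); return v; }

// "Before": the backing store is sized with 32-bit arithmetic. rows = cols = 0x10000
// needs 2^34 bytes, but the product wraps to 0, so the allocation is empty while the
// caller believes it holds 2^32 cells; every later write to cells[row * cols + col]
// then lands outside the heap block.
uint32_t unsafe_cell_bytes(uint32_t rows, uint32_t cols) {
    uint32_t cells = rows * cols;                        // wraps silently
    return cells * static_cast<uint32_t>(sizeof(float)); // wraps again
}

// "After": overflow-checked products, counts checked against the bytes actually
// present, and indices checked against the dimensions before they are used.
enum class Status { Ok, Truncated, SizeOverflow, TooManyEntries, IndexOutOfRange };

struct SparseMatrix {
    uint32_t rows = 0, cols = 0;
    std::vector<float> cells;   // dense backing store of rows * cols floats
};

static bool mul_checked(size_t a, size_t b, size_t& out) {
    if (a != 0 && b > std::numeric_limits<size_t>::max() / a) return false;
    out = a * b;
    return true;
}

Status parse_sparse_matrix(const uint8_t* buf, size_t len, SparseMatrix& out,
                           size_t max_cell_bytes = 64u << 20) {
    if (len < kHeaderBytes) return Status::Truncated;
    const uint32_t rows = rd32(buf), cols = rd32(buf + 4), nnz = rd32(buf + 8);

    size_t cells = 0, bytes = 0;
    if (!mul_checked(rows, cols, cells) || !mul_checked(cells, sizeof(float), bytes) ||
        bytes > max_cell_bytes)
        return Status::SizeOverflow;   // the cap also blocks cheap memory exhaustion
    if (nnz > cells) return Status::TooManyEntries;   // more entries than cells exist
    size_t entry_bytes = 0;
    if (!mul_checked(nnz, kEntryBytes, entry_bytes) || entry_bytes > len - kHeaderBytes)
        return Status::Truncated;      // declared count exceeds the bytes present

    SparseMatrix m;
    m.rows = rows; m.cols = cols;
    m.cells.assign(cells, 0.0f);
    const uint8_t* p = buf + kHeaderBytes;
    for (uint32_t i = 0; i < nnz; ++i, p += kEntryBytes) {
        const uint32_t r = rd32(p), c = rd32(p + 4);
        if (r >= rows || c >= cols) return Status::IndexOutOfRange;
        float v; std::memcpy(&v, p + 8, 4);
        m.cells[static_cast<size_t>(r) * cols + c] = v;   // index proven in range
    }
    out = std::move(m);
    return Status::Ok;
}

// Builders for constructed inputs, and wrappers that expose results for checking.
struct Entry { uint32_t r, c; float v; };

static void put32(std::vector<uint8_t>& b, uint32_t v) {
    uint8_t t[4]; std::memcpy(t, &v, 4); b.insert(b.end(), t, t + 4);
}

std::vector<uint8_t> make_blob(uint32_t rows, uint32_t cols, const std::vector<Entry>& es) {
    std::vector<uint8_t> b;
    put32(b, rows); put32(b, cols); put32(b, static_cast<uint32_t>(es.size()));
    for (const Entry& e : es) {
        uint32_t bits; std::memcpy(&bits, &e.v, 4);
        put32(b, e.r); put32(b, e.c); put32(b, bits);
    }
    return b;
}

// A header that claims nnz entries but carries none (truncated or oversubscribed).
std::vector<uint8_t> header_only(uint32_t rows, uint32_t cols, uint32_t nnz) {
    std::vector<uint8_t> b;
    put32(b, rows); put32(b, cols); put32(b, nnz);
    return b;
}

Status parse_status(const std::vector<uint8_t>& blob) {
    SparseMatrix m; return parse_sparse_matrix(blob.data(), blob.size(), m);
}

float parsed_cell(const std::vector<uint8_t>& blob, uint32_t r, uint32_t c) {
    SparseMatrix m;
    if (parse_sparse_matrix(blob.data(), blob.size(), m) != Status::Ok) return -1.0f;
    return m.cells[static_cast<size_t>(r) * m.cols + c];
}
```

The point of the hardened path is that every quantity taken from the file is checked before it is trusted: the product rows * cols is overflow-checked in size_t, the entry count is bounded by both the cell count and the bytes actually present, and each (row, col) pair is compared against the dimensions before it is turned into an index. The explicit cap on the backing store is a separate decision; without it a well-formed header can still force a multi-gigabyte allocation, which is a denial of service rather than memory corruption, but one that the same validation layer is the right place to stop.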

Details

CWE(s)

CWE-122 Heap-based Buffer Overflow
CWE-416 Use After Free
CWE-190 Integer Overflow or Wraparound
CWE-787 Out-of-bounds Write

Affected Products

color / iccdev, versions ≤ 2.3.1.1 (fixed in 2.3.1.2)

CVEs Like This One

CVE-2026-21485 (same product: Color Iccdev)
CVE-2026-24406 (same product: Color Iccdev)
CVE-2026-21682 (same product: Color Iccdev)
CVE-2026-24403 (same product: Color Iccdev)
CVE-2026-24412 (same product: Color Iccdev)
CVE-2026-25585 (same product: Color Iccdev)
CVE-2026-21688 (same product: Color Iccdev)
CVE-2026-22047 (same product: Color Iccdev)
CVE-2026-21693 (same product: Color Iccdev)
CVE-2026-31796 (same product: Color Iccdev)
