Cyber Resilience

CVE-2026-21500

Severity: Medium · Public PoC referenced

Published: 07 January 2026
Modified: 09 January 2026
KEV Added: not listed
Patch: iccDEV 2.3.1.2
CVSS v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS: 0.0002 (5.9th percentile)
Risk Priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-21500 is a medium-severity Improper Input Validation (CWE-20) vulnerability in iccDEV (catalogued here as Color Iccdev). Its CVSS v3.1 base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique User Execution: Malicious File (T1204.002). EPSS ranks it at the 5.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21500 is a stack overflow in the XML calculator macro expansion feature of iccDEV, a set of libraries and tools for reading, manipulating, and applying ICC color management profiles. It affects iccDEV versions prior to 2.3.1.2 and carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). The associated CWEs are CWE-20 (Improper Input Validation), CWE-400 (Uncontrolled Resource Consumption), CWE-674 (Uncontrolled Recursion), CWE-1119 (Excessive Use of Unconditional Branching), and CWE-787 (Out-of-bounds Write). Taken together they point to macro expansion that recurses without a bound on nesting depth or expanded size, so a crafted input can drive expansion until the stack is exhausted.

Exploitation needs no privileges and has low complexity, but it does require user interaction (AV:L, UI:R): the attacker has to get a victim to process a crafted input, such as an ICC profile or calculator XML containing macro definitions, with iccDEV's tools or a program linked against its libraries. The result is a stack overflow that crashes or destabilises the process. The advisory scores no confidentiality or integrity impact, so the practical effect is denial of service, for example against a batch conversion pipeline that ingests untrusted profiles.

The vulnerability has been patched in iccDEV version 2.3.1.2, as detailed in the project's GitHub security advisory (GHSA-4h4j-mm9w-2cp4), issue tracker (#384), pull request (#406), and related commits (cce5f9b68a6c067b7ef898ccd5b000770745fb14 and f295826a6f15add90490030f23b2ddd8593bff5b). Security practitioners should update to the fixed version and validate inputs in color management workflows to mitigate risks.
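As an added illustration (this is not iccDEV's code and not the advisory's test case), the C++ sketch below shows a toy macro expander of the kind an XML calculator uses. The unbounded version recurses on every macro reference with no limit, so a self-referential or exponentially nested macro table exhausts the stack or memory. The bounded version enforces a nesting-depth limit, a cumulative output-size limit, and a cycle check, and rejects the input instead of crashing. The "#name" reference syntax, the macro tables, and the limit values are assumptions chosen for the example.

```cpp
// Added example, not iccDEV code. Demonstrates unbounded vs. bounded macro
// expansion for the recursion/resource-exhaustion class in CVE-2026-21500.
#include <cctype>
#include <cstdio>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// Macro table: name -> body. A body may reference other macros as "#name".
// (Assumed syntax for this example.)
using MacroTable = std::map<std::string, std::string>;

// Reads the alphanumeric macro name that follows '#' at text[i]; advances i.
static std::string readName(const std::string& text, size_t& i) {
    size_t j = i + 1;
    while (j < text.size() && std::isalnum(static_cast<unsigned char>(text[j]))) ++j;
    std::string name = text.substr(i + 1, j - i - 1);
    i = j;
    return name;
}

// Vulnerable pattern: recurses on every reference with no depth or size
// limit. A macro such as a = "#a #a" recurses until the stack is exhausted
// (CWE-674 / CWE-400). Never call this on untrusted input.
std::string expandUnbounded(const std::string& text, const MacroTable& macros) {
    std::string out;
    for (size_t i = 0; i < text.size();) {
        if (text[i] != '#') { out += text[i++]; continue; }
        const std::string name = readName(text, i);
        auto it = macros.find(name);
        if (it == macros.end()) throw std::runtime_error("unknown macro: " + name);
        out += expandUnbounded(it->second, macros);   // no limit of any kind
    }
    return out;
}

// Hardened pattern: explicit limits (values are assumptions for the example).
struct ExpandLimits {
    size_t maxDepth = 32;        // maximum nesting of macro references
    size_t maxOutput = 1 << 16;  // maximum expanded bytes (stops exponential blow-up)
};

// Returns false on any violation: depth exceeded, output too large, undefined
// reference, or a macro that is already being expanded (direct/indirect cycle).
static bool expandRec(const std::string& text, const MacroTable& macros,
                      const ExpandLimits& lim, std::vector<std::string>& active,
                      std::string& out) {
    if (active.size() > lim.maxDepth) return false;
    for (size_t i = 0; i < text.size();) {
        if (text[i] != '#') {
            if (out.size() + 1 > lim.maxOutput) return false;
            out += text[i++];
            continue;
        }
        const std::string name = readName(text, i);
        auto it = macros.find(name);
        if (it == macros.end()) return false;
        for (const auto& a : active) if (a == name) return false;   // cycle
        active.push_back(name);
        const bool ok = expandRec(it->second, macros, lim, active, out);
        active.pop_back();
        if (!ok) return false;
    }
    return true;
}

bool expandBounded(const std::string& text, const MacroTable& macros,
                   std::string& out, ExpandLimits lim = ExpandLimits()) {
    out.clear();
    std::vector<std::string> active;
    return expandRec(text, macros, lim, active, out);
}

// Convenience wrapper: expanded text on success, "<rejected>" on violation.
std::string tryExpand(const std::string& text, const MacroTable& macros) {
    std::string out;
    return expandBounded(text, macros, out) ? out : std::string("<rejected>");
}

// Constructed sample macro tables (not taken from the advisory or its PoC).
MacroTable benignMacros() { return {{"pi", "3.14159"}, {"twopi", "2 * #pi"}}; }
MacroTable cyclicMacros() { return {{"a", "#a #a"}}; }          // self-reference
MacroTable blowupMacros() {                                      // 2^30 leaves, depth 31
    MacroTable m{{"l0", "x"}};
    for (int k = 1; k <= 30; ++k)
        m["l" + std::to_string(k)] = "#l" + std::to_string(k - 1) + " #l" + std::to_string(k - 1);
    return m;
}
MacroTable deepMacros() {                                        // linear chain, depth 41
    MacroTable m{{"d0", "y"}};
    for (int k = 1; k <= 40; ++k) m["d" + std::to_string(k)] = "#d" + std::to_string(k - 1);
    return m;
}

int main() {
    std::printf("benign:  %s\n", expandUnbounded("#twopi", benignMacros()).c_str());
    std::printf("cyclic:  %s\n", tryExpand("#a", cyclicMacros()).c_str());
    std::printf("blow-up: %s\n", tryExpand("#l30", blowupMacros()).c_str());
    std::printf("deep:    %s\n", tryExpand("#d40", deepMacros()).c_str());
    // expandUnbounded("#a", cyclicMacros()) would recurse until the stack is exhausted.
    return 0;
}
```

The three constructed inputs exercise three different bounds: the cyclic table is caught by the active-expansion check before any recursion, the exponential table stays within the depth limit but trips the output-size limit, and the long linear chain trips the depth limit. A real fix needs all three, because any one of them alone leaves an input shape that still exhausts resources.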

Vulnerability details

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1204.002 User Execution: Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1499.004 Endpoint Denial of Service: Application or System Exploitation
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local crafted malicious file (ICC/XML) triggers stack overflow crash, mapping to user execution of malicious file and application exploitation for DoS.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21681 (same product: Color Iccdev)
CVE-2026-21685 (same product: Color Iccdev)
CVE-2026-21686 (same product: Color Iccdev)
CVE-2026-21684 (same product: Color Iccdev)
CVE-2026-27692 (same product: Color Iccdev)
CVE-2026-31792 (same product: Color Iccdev)
CVE-2026-24852 (same product: Color Iccdev)
CVE-2026-21680 (same product: Color Iccdev)
CVE-2026-21491 (same product: Color Iccdev)
CVE-2026-25503 (same product: Color Iccdev)

Affected Assets

Vendor: color
Product: iccdev
Versions: < 2.3.1.2 (fixed in 2.3.1.2)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly enforces validation of XML macro-expansion input in ICC profiles, blocking the malformed data that triggers the stack overflow. In practice this means bounding macro nesting depth and total expanded size, and rejecting self-referential macro definitions before expansion starts.

SI-2 Flaw Remediation (prevent): Requires timely application of the vendor patch (v2.3.1.2) that eliminates the uncontrolled recursion and out-of-bounds write in macro expansion.

Memory protection (prevent): Provides memory-protection mechanisms that can contain the effects of the stack overflow resulting from the CWE-787 write. Guard pages and stack canaries turn the overflow into a controlled abort rather than silent corruption; they do not remove the availability impact, so the patch remains the only complete fix.
