CVE-2026-21673
Published: 06 January 2026
Summary
CVE-2026-21673 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 7.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely remediation through patching the iccDEV library to version 2.3.1.1, which fixes the integer overflows and underflows in CIccXmlArrayType::ParseTextCountNum().
Prevents exploitation of the parsing flaw by enforcing validation of untrusted ICC color profile inputs to detect and reject malformed data causing overflows and underflows.
Mitigates memory corruption from the overflow/underflow vulnerability through protections like address space randomization and non-executable memory, reducing arbitrary code execution risk.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local file-parsing vulnerability in ICC profile library directly enables client-side RCE via malicious file supplied by user (T1204.002) and exploitation of the client application (T1203).
NVD Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue…
more
is fixed in version 2.3.1.1.
Deeper analysisAI
CVE-2026-21673 is a vulnerability in the iccDEV library, which provides tools and libraries for working with ICC color management profiles. Versions 2.3.1 and earlier contain integer overflows and underflows in the CIccXmlArrayType::ParseTextCountNum() function. This issue affects any applications or users of the iccDEV library that process untrusted ICC color profiles.
The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating it requires local access, low attack complexity, no privileges, and user interaction. A local attacker can exploit it by supplying a malicious ICC profile that triggers the faulty parsing function, potentially leading to high-impact confidentiality, integrity, and availability violations, such as arbitrary code execution or denial of service.
Mitigation is available via an update to iccDEV version 2.3.1.1, which addresses the overflows and underflows. Official advisories, including the GitHub security advisory (GHSA-g66g-f82c-vgm6), issue tracker entry (#243), and fixing commit (32740802ee14418bd14c429d7e2f142d92cd5c4f), confirm the patch and provide details for remediation.
Details
- CWE(s)