Cyber Resilience

CVE-2026-21676

HighPublic PoC

Published: 06 January 2026

Published
06 January 2026
Modified
12 January 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0034 26.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-21676 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Color Iccdev. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21676 is a heap-based buffer overflow vulnerability in the CIccMBB::Validate function of iccDEV, a set of libraries and tools for working with ICC color management profiles. The flaw occurs during tag data validity checks and affects all versions 2.3.1 and below. It has been assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow).

A remote, unauthenticated attacker can exploit this vulnerability by tricking a user into processing a specially crafted ICC color profile, such as by opening a malicious image file in an application that uses iccDEV. Successful exploitation requires user interaction but no privileges, allowing the attacker to achieve high-impact confidentiality, integrity, and availability effects, potentially leading to arbitrary code execution or denial of service on the affected system.

The issue was fixed in iccDEV version 2.3.1.1, as detailed in the project's GitHub security advisory (GHSA-j5vv-p2hv-c392), related issue tracker (#215), and the specific commit (e4c38a67d06073b38d58580b0cfc78ca61005f84). Security practitioners should advise updating to the patched version and auditing applications that parse ICC profiles for exposure.

EU & UK References

Vulnerability details

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap buffer overflow in ICC profile parser enables client-side RCE via malicious image file requiring user execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31796Same product: Color Iccdev
CVE-2026-25582Same product: Color Iccdev
CVE-2026-30985Same product: Color Iccdev
CVE-2026-30979Same product: Color Iccdev
CVE-2026-21678Same product: Color Iccdev
CVE-2026-24411Same product: Color Iccdev
CVE-2026-21682Same product: Color Iccdev
CVE-2026-24856Same product: Color Iccdev
CVE-2026-25584Same product: Color Iccdev
CVE-2026-30987Same product: Color Iccdev

Affected Assets

color
iccdev
≤ 2.3.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the vulnerability by requiring organizations to identify, report, and remediate flaws like this heap-based buffer overflow through timely patching to iccDEV version 2.3.1.1.

prevent

Provides memory protections such as ASLR, DEP, and stack canaries that mitigate exploitation of heap-based buffer overflows in libraries like iccDEV.

prevent

Requires validation of untrusted inputs like specially crafted ICC color profiles to reject malformed tag data before it reaches the vulnerable CIccMBB::Validate function.

References