CVE-2026-21676

HighPublic PoC

Published: 06 January 2026

Published

06 January 2026

Modified

12 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0009 25.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21676 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Color Iccdev. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly addresses the vulnerability by requiring organizations to identify, report, and remediate flaws like this heap-based buffer overflow through timely patching to iccDEV version 2.3.1.1.

SI-16 Memory Protection good match

prevent

Provides memory protections such as ASLR, DEP, and stack canaries that mitigate exploitation of heap-based buffer overflows in libraries like iccDEV.

SI-10 Information Input Validation partial match

prevent

Requires validation of untrusted inputs like specially crafted ICC color profiles to reject malformed tag data before it reaches the vulnerable CIccMBB::Validate function.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Heap buffer overflow in ICC profile parser enables client-side RCE via malicious image file requiring user execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1.

Deeper analysisAI

CVE-2026-21676 is a heap-based buffer overflow vulnerability in the CIccMBB::Validate function of iccDEV, a set of libraries and tools for working with ICC color management profiles. The flaw occurs during tag data validity checks and affects all versions 2.3.1 and below. It has been assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow).

A remote, unauthenticated attacker can exploit this vulnerability by tricking a user into processing a specially crafted ICC color profile, such as by opening a malicious image file in an application that uses iccDEV. Successful exploitation requires user interaction but no privileges, allowing the attacker to achieve high-impact confidentiality, integrity, and availability effects, potentially leading to arbitrary code execution or denial of service on the affected system.

The issue was fixed in iccDEV version 2.3.1.1, as detailed in the project's GitHub security advisory (GHSA-j5vv-p2hv-c392), related issue tracker (#215), and the specific commit (e4c38a67d06073b38d58580b0cfc78ca61005f84). Security practitioners should advise updating to the patched version and auditing applications that parse ICC profiles for exposure.

Details

CWE(s): CWE-122

Affected Products

color

iccdev

≤ 2.3.1.1

CVEs Like This One

CVE-2026-31796Same product: Color Iccdev

CVE-2026-25582Same product: Color Iccdev

CVE-2026-30979Same product: Color Iccdev

CVE-2026-30985Same product: Color Iccdev

CVE-2026-21678Same product: Color Iccdev

CVE-2026-21682Same product: Color Iccdev

CVE-2026-30987Same product: Color Iccdev

CVE-2026-24411Same product: Color Iccdev

CVE-2026-25584Same product: Color Iccdev

CVE-2026-21673Same product: Color Iccdev

References

https://github.com/InternationalColorConsortium/iccDEV/commit/e4c38a67d06073b38d58580b0cfc78ca61005f84
Patch · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/issues/215
Issue Tracking, Exploit, Vendor Advisory · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j5vv-p2hv-c392
Patch, Vendor Advisory · security-advisories@github.com