Cyber Posture

CVE-2026-21677

Severity: High · Public PoC

Published: 06 January 2026
Modified: 12 January 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.4th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-21677 is a high-severity Improper Input Validation (CWE-20) vulnerability in Color Iccdev. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 40.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent · recover: SI-2 (Flaw Remediation)

Directly mandates timely identification, reporting, and correction of software flaws, such as the undefined behavior in iccDEV's CIccCLUT::Init, by updating to version 2.3.1.1.

prevent: SI-10 (Information Input Validation)

Requires validation of information inputs, such as untrusted ICC profiles, to block improper inputs that trigger the undefined behavior and its exploitation.

detect: vulnerability scanning

Enables vulnerability scanning to identify systems using vulnerable iccDEV versions, supporting remediation before exploitation via malicious profiles.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why these techniques?

The vulnerability allows remote attackers to exploit a client-side library flaw in iccDEV by tricking users into processing malicious ICC profiles, enabling arbitrary code execution which directly maps to Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.

Deeper analysis

CVE-2026-21677 affects iccDEV, a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and prior contain undefined behavior in the CIccCLUT::Init function, which initializes and sets the size of a color lookup table (CLUT). This vulnerability, linked to CWE-20 (Improper Input Validation) and CWE-758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity by tricking a user into processing a malicious ICC profile, such as via an application that handles color management files. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially enabling arbitrary code execution, data corruption, or denial of service on the affected system.

The GitHub security advisory (GHSA-95w5-jvqf-3994) and related issues (#181) detail the fix in iccDEV version 2.3.1.1, implemented via commit 201125fbda22c8e4ea95800a6b427093fa4b8a22. Security practitioners should update to 2.3.1.1 or later and audit applications using iccDEV for handling untrusted ICC profiles.

Details

CWE(s): CWE-20 (Improper Input Validation), CWE-758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)

Affected Products: color / iccdev ≤ 2.3.1.1

CVEs Like This One

CVE-2026-24407 (same product: Color Iccdev)
CVE-2026-24410 (same product: Color Iccdev)
CVE-2026-21682 (same product: Color Iccdev)
CVE-2026-24412 (same product: Color Iccdev)
CVE-2026-24406 (same product: Color Iccdev)
CVE-2026-24403 (same product: Color Iccdev)
CVE-2026-21692 (same product: Color Iccdev)
CVE-2026-21693 (same product: Color Iccdev)
CVE-2026-21688 (same product: Color Iccdev)
CVE-2026-22047 (same product: Color Iccdev)