Cyber Posture

CVE-2026-21679

HighPublic PoC

Published: 07 January 2026

Published
07 January 2026
Modified
09 January 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.2th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21679 is a high-severity Improper Input Validation (CWE-20) vulnerability in Color Iccdev. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 33.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the CWE-20 improper input validation root cause by validating ICC profile inputs to prevent heap buffer overflows in CIccLocalizedUnicode::GetText().

SI-16 Memory Protection good match
prevent

Provides memory protections such as non-executable heaps and address space randomization to mitigate exploitation of the heap buffer overflow vulnerability.

SI-2 Flaw Remediation good match
prevent

Ensures timely patching to iccDEV version 2.3.1.2 or later, which specifically remediates the heap buffer overflow flaw.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Heap buffer overflow in ICC profile processing library enables RCE via malicious file opened by user.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText(). This issue has been patched in version 2.3.1.2.

Deeper analysisAI

CVE-2026-21679 is a heap-buffer-overflow vulnerability in the iccDEV libraries and tools, which enable interaction, manipulation, and application of ICC color management profiles. The flaw resides in the CIccLocalizedUnicode::GetText() function and affects versions prior to 2.3.1.2. It is classified under CWE-20 (Improper Input Validation) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 8.8.

Remote attackers without privileges can exploit this vulnerability over the network with low complexity, but it requires user interaction, such as processing a malicious ICC profile. Successful exploitation enables high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution, data corruption, or denial of service on the affected system.

The vulnerability has been addressed in iccDEV version 2.3.1.2. Mitigation details are available in the project's GitHub security advisory (GHSA-h4wg-473g-p5wc), issue tracker (#328), pull request (#329), and the patching commit (2eb25ab95f0db7664ec3850390b6f89e302e7039), which security practitioners should review for implementation guidance.

Details

CWE(s)
CWE-20CWE-787

Affected Products

color
iccdev
≤ 2.3.1.2

CVEs Like This One

CVE-2026-21501Same product: Color Iccdev
CVE-2026-21687Same product: Color Iccdev
CVE-2026-25583Same product: Color Iccdev
CVE-2026-21504Same product: Color Iccdev
CVE-2026-22255Same product: Color Iccdev
CVE-2026-21681Same product: Color Iccdev
CVE-2026-21489Same product: Color Iccdev
CVE-2026-21678Same product: Color Iccdev
CVE-2026-21494Same product: Color Iccdev
CVE-2026-21488Same product: Color Iccdev

References