CVE-2026-21504 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.6 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
GitHub_M	CNA	6.6 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Affected Products (NVD)

Vendor	Product	Version
color	iccdev	𝑥 < 2.3.1.2

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/InternationalColorConsortium/iccDEV/issues/366

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://github.com/InternationalColorConsortium/iccDEV/blob/798be59011649a26a529600cc3cd56437634d3d0/IccProfLib/IccMpeBasic.cpp#L4557

https://github.com/InternationalColorConsortium/iccDEV/commit/14fe3785e6b1f9992375b2a24617a0d7f6a70f95

https://github.com/InternationalColorConsortium/iccDEV/commit/23a38f83f2a5874a1c4427df59ec342af3277cad

https://github.com/InternationalColorConsortium/iccDEV/issues/366

https://github.com/InternationalColorConsortium/iccDEV/pull/415

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rqp9-r53c-3m9h