CVE-2026-21507 HIGH

CVE-2026-21507: iccDEV is Vulnerable to Denial of Service via Infinite Loop in CalcProfileID()

Vendor Internationalcolorconsortium

Product iccDEV

Weakness CWE-835

Published January 6, 2026

Last update January 6, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.

Key dates

02Disclosure timeline

January 6, 2026 CVE published

January 6, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-21507 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/835.html

Related vulnerabilities

CVE-2026-21507: iccDEV is Vulnerable to Denial of Service via Infinite Loop in CalcProfileID()

01Description

02Disclosure timeline

03References

04Related CVE