CVE-2026-21673— iccDEV has Integer Overflow/Underflow in CIccXmlArrayType::ParseTextCountNum()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21673
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iccDEV has Integer Overflow/Underflow in CIccXmlArrayType::ParseTextCountNum()
Source: NVD (National Vulnerability Database)
Vulnerability Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
iccDEV 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
iccDEV是International Color Consortium (ICC)开源的一个颜色配置代码库。 iccDEV 2.3.1及之前版本存在代码问题漏洞,该漏洞源于CIccXmlArrayType::ParseTextCountNum函数存在整数溢出和下溢,可能导致整数溢出攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| InternationalColorConsortium | iccDEV | < 2.3.1.1 | - |
II. Public POCs for CVE-2026-21673
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 11529 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-21673
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-21673 (1)
Vendor Advisories for CVE-2026-21673 (1)
Other References for CVE-2026-21673 (1)
Same Patch Batch · InternationalColorConsortium · 2026-01-06 · 16 CVEs total
| CVE-2026-21675 | 9.8 CRITICAL | iccDEV has a Use After Free vulnerability in CIccCmm class via improper hint manager objec |
| CVE-2026-21676 | 8.8 HIGH | iccDEV has a Heap-based Buffer Overflow in its CIccMBB::Validate() function |
| CVE-2026-21485 | 8.8 HIGH | iccDEV Undefined Behavior (UB) and Out of Memory in CIccProfile::LoadTag() |
| CVE-2026-21677 | 8.8 HIGH | iccDEV has Undefined Behavior in CIccCLUT::Init() |
| CVE-2026-21486 | 7.8 HIGH | Use After Free and Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-o |
| CVE-2026-21507 | 7.5 HIGH | iccDEV is Vulnerable to Denial of Service via Infinite Loop in CalcProfileID() |
| CVE-2026-21493 | 6.6 MEDIUM | iccDEV has Type Confusion during XML Curve Serialization |
| CVE-2026-21487 | 6.1 MEDIUM | iccDEV has Out-of-bounds Read, Use of Out-of-range Pointer Offset and Improper Input Valid |
| CVE-2026-21489 | 6.1 MEDIUM | iccDEV has Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) |
| CVE-2026-21494 | 6.1 MEDIUM | iccDEV has heap buffer overflow in CIccTagLut8::Validate() |
| CVE-2026-21488 | 6.1 MEDIUM | iccDEV has Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination |
| CVE-2026-21491 | 6.1 MEDIUM | iccDEV has unicode buffer overflow in CIccTagTextDescription |
| CVE-2026-21490 | 6.1 MEDIUM | iccDEV has heap buffer overflow in CIccTagLut16::Validate() |
| CVE-2026-21492 | 5.5 MEDIUM | iccDEV ToneMap Writer has NULL Pointer Member Call |
| CVE-2026-21674 | 3.3 LOW | iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path |
IV. Related Vulnerabilities
Same vendor: InternationalColorConsortium
Same weakness: CWE-190
- CVE-2026-24214
NVIDIA Triton Inference Server 输入验证错误漏洞 - CVE-2026-24210
NVIDIA Triton Inference Server 输入验证错误漏洞 - CVE-2026-43618
Rsync < 3.4.3 Integer Overflow Information Disclosure - CVE-2026-33642
Kitty has a Heap Buffer Over-Read/Write via Integer Overflow - CVE-2026-27781
kernel_liteos_a has an integer overflow vulnerability
V. Comments for CVE-2026-21673
No comments yet