Home > Vulnerability Database > CVE-2026-21493

Mend.io Vulnerability Database

CVE-2026-21493

Good to know:

Date: January 6, 2026

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.

Severity Score

6.6

Related Resources (5)

Url: https://github.com/InternationalColorConsortium/iccDEV/issues/358

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-21493

Url: https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f

Url: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx

Url: https://www.mend.io/vulnerability-database/CVE-2026-21493

Severity Score

6.6

Weakness Type (CWE)

Reliance on Data/Memory Layout

CWE-188

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-843

Improper Check or Handling of Exceptional Conditions

CWE-703

Top Fix

Upgrade Version

Upgrade to version https://github.com/InternationalColorConsortium/iccDEV.git - v2.3.1.2

Learn More

CVSS v3.1

Base Score:	6.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-21493

Good to know:

Date: January 6, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?