Home > Vulnerability Database > CVE-2026-21507

Mend.io Vulnerability Database

CVE-2026-21507

Good to know:

Date: January 5, 2026

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/InternationalColorConsortium/iccDEV/issues/244

Url: https://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-21507

Url: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj

Url: https://www.mend.io/vulnerability-database/CVE-2026-21507

Severity Score

7.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version https://github.com/InternationalColorConsortium/iccDEV.git - v2.3.1.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-21507

Good to know:

Date: January 5, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?