Unrated severityNVD Advisory· Published Jan 6, 2026· Updated Jan 6, 2026
iccDEV has Type Confusion during XML Curve Serialization
CVE-2026-21493
Description
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- InternationalColorConsortium/iccDEVv5Range: < 2.3.1.2
Patches
Vulnerability mechanics
References
3- github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48fmitrex_refsource_MISC
- github.com/InternationalColorConsortium/iccDEV/issues/358mitrex_refsource_MISC
- github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.