CVE-2026-21504 identifies a heap-based buffer overflow vulnerability in the iccDEV library, a set of tools and libraries used for handling ICC color management profiles. The vulnerability resides in the ToneMap parser, which processes tone mapping data within ICC profiles. Prior to version 2.3.1.2, the parser does not properly validate input sizes, leading to a heap overflow when processing specially crafted ICC profiles. This overflow can corrupt memory, potentially causing application crashes (denial of service) or limited information leakage. The vulnerability requires local access with low privileges and user interaction, such as opening or processing a malicious ICC profile file. The CVSS v3.1 score is 6.6 (medium severity), reflecting the local attack vector, low attack complexity, no privileges required, but requiring user interaction. The impact on confidentiality and integrity is limited, but availability can be significantly affected. No public exploits are known, and the issue was patched in iccDEV version 2.3.1.2. The vulnerability is tracked under CWE-122 (Heap-based Buffer Overflow), CWE-193 (Off-by-one Error), and CWE-787 (Out-of-bounds Write), indicating improper bounds checking and memory handling errors in the parser code.

For European organizations, this vulnerability poses a moderate risk primarily to systems involved in digital imaging, printing, and color profile management that utilize iccDEV versions prior to 2.3.1.2. Exploitation could lead to application crashes disrupting workflows, potentially causing denial of service in critical color management pipelines. Although the confidentiality and integrity impact is low, disruption in availability can affect production environments, especially in industries reliant on precise color management such as publishing, advertising, and manufacturing. Since exploitation requires local access and user interaction, the threat is more relevant in environments where untrusted users or files can be introduced, such as shared workstations or systems processing external media files. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks. Organizations with automated processing of ICC profiles or integration with third-party content should be particularly vigilant.

1. Upgrade all instances of iccDEV to version 2.3.1.2 or later to apply the official patch addressing the heap overflow. 2. Implement strict validation and sanitization of ICC profiles before processing, especially those sourced externally or from untrusted origins. 3. Restrict local system access to trusted users and processes to reduce the risk of malicious ICC profile introduction. 4. Monitor and audit workflows that handle ICC profiles for unusual crashes or behavior indicative of exploitation attempts. 5. Employ application whitelisting or sandboxing for tools that parse ICC profiles to contain potential exploitation impact. 6. Educate users about the risks of opening unverified color profile files and encourage cautious handling of external media. 7. Review and update incident response plans to include scenarios involving color profile parsing vulnerabilities.