CVE-2026-21495

Division by Zero in iccDEV TIFF Image Reader

CVSS 5.5 MEDIUMEPSS 0.1%CWE-20 CWE-369

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Produtos afetados

InternationalColorConsortium · iccDEV

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/InternationalColorConsortium/iccDEV/commit/10c34179a0332a869c2b46e305a9cd23a6311dfe https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xhrm-79rg-5784