Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8x3r-c55w-7yef
Summary iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.
Aliases
0
alias CVE-2026-21504
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21504
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03332
published_at 2026-06-11T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03345
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03331
published_at 2026-06-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03344
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21504
1
reference_url https://github.com/InternationalColorConsortium/iccDEV/commit/14fe3785e6b1f9992375b2a24617a0d7f6a70f95
reference_id 14fe3785e6b1f9992375b2a24617a0d7f6a70f95
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T18:18:08Z/
url https://github.com/InternationalColorConsortium/iccDEV/commit/14fe3785e6b1f9992375b2a24617a0d7f6a70f95
2
reference_url https://github.com/InternationalColorConsortium/iccDEV/commit/23a38f83f2a5874a1c4427df59ec342af3277cad
reference_id 23a38f83f2a5874a1c4427df59ec342af3277cad
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T18:18:08Z/
url https://github.com/InternationalColorConsortium/iccDEV/commit/23a38f83f2a5874a1c4427df59ec342af3277cad
3
reference_url https://github.com/InternationalColorConsortium/iccDEV/issues/366
reference_id 366
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T18:18:08Z/
url https://github.com/InternationalColorConsortium/iccDEV/issues/366
4
reference_url https://github.com/InternationalColorConsortium/iccDEV/pull/415
reference_id 415
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T18:18:08Z/
url https://github.com/InternationalColorConsortium/iccDEV/pull/415
5
reference_url https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rqp9-r53c-3m9h
reference_id GHSA-rqp9-r53c-3m9h
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T18:18:08Z/
url https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rqp9-r53c-3m9h
6
reference_url https://github.com/InternationalColorConsortium/iccDEV/blob/798be59011649a26a529600cc3cd56437634d3d0/IccProfLib/IccMpeBasic.cpp#L4557
reference_id IccMpeBasic.cpp#L4557
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-07T18:18:08Z/
url https://github.com/InternationalColorConsortium/iccDEV/blob/798be59011649a26a529600cc3cd56437634d3d0/IccProfLib/IccMpeBasic.cpp#L4557
Weaknesses
0
cwe_id 122
name Heap-based Buffer Overflow
description A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
1
cwe_id 193
name Off-by-one Error
description A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
2
cwe_id 787
name Out-of-bounds Write
description The product writes data past the end, or before the beginning, of the intended buffer.
Exploits
Severity_range_score 6.6 - 6.6
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8x3r-c55w-7yef