
CVE-2026-21495: iccDEV TIFF Reader DoS Vulnerability

CVE-2026-21495 is a denial of service flaw in iccDEV's TIFF Image Reader caused by division by zero. Attackers can exploit this to crash applications. This article covers technical details, affected versions, and mitigation.

Updated: January 22, 2026

CVE-2026-21495 Overview

CVE-2026-21495 is a division by zero vulnerability affecting iccDEV, a set of libraries and tools that enable interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, the TIFF Image Reader component in iccDEV fails to properly validate image parameters, allowing an attacker to trigger a division by zero condition through a maliciously crafted TIFF file.

Impact

Exploitation crashes the application that parses the crafted TIFF. The CVSS vector (AV:L/UI:R, availability impact only) rates this a medium-severity denial of service with no code execution and no data exposure. Any pipeline that runs iccDEV's TIFF reader on files from untrusted users, such as a profile-application or conversion service, can be taken down repeatedly by resubmitting the same file.

Affected Products

  • iccDEV versions prior to 2.3.1.2
  • Applications using the iccDEV TIFF Image Reader component
  • Systems processing ICC color management profiles from untrusted TIFF sources

Discovery Timeline

  • 2026-01-07 - CVE-2026-21495 published to NVD
  • 2026-01-08 - NVD record last updated

Technical Details for CVE-2026-21495

Vulnerability Analysis

This vulnerability stems from improper input validation (CWE-20) in iccDEV's TIFF image processing. The TIFF Image Reader reads m_nRowsPerStrip, m_nSamples, and m_nBitsPerSample straight from the file's tags and uses them in arithmetic without checking that they are non-zero. When any of them is zero, whether from a corrupted file or deliberate manipulation, the first division by that value is undefined behaviour in C++; on x86 and x86-64 it raises an integer divide fault that terminates the process unless the application handles the signal or exception.

The vulnerability is locally exploitable and requires user interaction: a victim must open a malicious TIFF file (CVSS AV:L, UI:R). It does not permit arbitrary code execution or information disclosure, but it reliably terminates the affected application, and a service that parses untrusted TIFFs can be taken down repeatedly with the same file.

Root Cause

The root cause is insufficient validation of TIFF metadata fields before performing calculations that depend on those values. The TiffImg.cpp file retrieves various TIFF tags including rows per strip, samples per pixel, and bits per sample directly from the file without verifying they contain valid, non-zero values. These parameters are subsequently used as divisors in image processing calculations, leading to division by zero when they contain zero values.

Attack Vector

The attack requires local access and user interaction. An attacker must craft a malicious TIFF file with manipulated metadata fields set to zero values, then convince a victim to open the file using an application that relies on the vulnerable iccDEV library. When the TIFF Image Reader attempts to process the file, it reads the corrupted parameters and triggers a division by zero condition during image calculations, causing the application to crash.

```cpp
// Security patch from TiffImg.cpp
// Source: https://github.com/InternationalColorConsortium/iccDEV/commit/10c34179a0332a869c2b46e305a9cd23a6311dfe

   TIFFGetField(m_hTif, TIFFTAG_XRESOLUTION, &m_fXRes);
   TIFFGetField(m_hTif, TIFFTAG_YRESOLUTION, &m_fYRes);
   TIFFGetField(m_hTif, TIFFTAG_COMPRESSION, &m_nCompress);
+  
+  if (m_nRowsPerStrip == 0 || m_nSamples == 0 || m_nBitsPerSample == 0) {
+    // Corrupt parameters - can't read the file
+    // If the file is uncompressed, we might guess some of the values,
+    // but it would take a bit of testing to get right.  Probably not worth it.
+    Close();
+    return false;
+  }
+  
+  if (m_nRowsPerStrip > m_nHeight)
+    m_nRowsPerStrip = m_nHeight;    // best guess, to limit memory allocated
 
   //Validate what we expect to work with
   if ((m_nBitsPerSample==32 && nSampleFormat!=SAMPLEFORMAT_IEEEFP) ||
```
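Review bot: the clamp in the last two added lines runs after the zero test, and nothing in this hunk validates m_nHeight, so a file that declares an image height of 0 together with a non-zero RowsPerStrip passes the new check and is then clamped to m_nRowsPerStrip = 0, reinstating the zero divisor the check exists to exclude. Either move the clamp above the test or add the height to it, e.g. `if (m_nRowsPerStrip == 0 || m_nSamples == 0 || m_nBitsPerSample == 0 || m_nHeight == 0)`. The three TIFFGetField calls in the context lines also ignore their return value, so the zero test only catches an absent tag if those members were zero-initialised earlier; a one-line comment stating that assumption would help the next reader.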

Detection Methods for CVE-2026-21495

Indicators of Compromise

  • Unexpected application crashes when processing TIFF image files
  • Crash dumps showing an integer divide-by-zero fault (SIGFPE on Linux and x86-64 macOS, exception code 0xC0000094 STATUS_INTEGER_DIVIDE_BY_ZERO on Windows) with iccDEV's TIFF reader on the call stack; note that on AArch64 an integer division by zero does not trap but yields 0, so there the reader may continue with nonsense values instead of crashing
  • TIFF files with suspicious metadata containing zero values for RowsPerStrip, SamplesPerPixel, or BitsPerSample fields
  • Error logs showing abnormal TIFF processing failures

Detection Strategies

  • Quarantine TIFF files arriving from untrusted sources (uploads, e-mail, shared drives) and inspect their tags before any iccDEV-based tool opens them
  • Alert on repeated abnormal terminations of image-processing workers; one crafted file resubmitted in a loop is the obvious way to turn this bug into sustained downtime
  • Dump TIFF tags with a libtiff-based header tool such as tiffinfo (which does not use iccDEV) and reject files whose RowsPerStrip, SamplesPerPixel or BitsPerSample is missing or zero
  • Monitor process termination events (exit by signal SIGFPE, or Windows exception 0xC0000094) for applications that link iccDEV

Monitoring Recommendations

  • Enable application crash reporting and correlate crashes in image processing applications
  • Implement logging at the file input layer to capture TIFF file metadata before processing
  • Configure SentinelOne endpoint protection to monitor for suspicious file operations targeting image processing applications
  • Establish baseline behavior for image processing workflows to detect anomalous crash patterns

How to Mitigate CVE-2026-21495

Immediate Actions Required

  • Upgrade iccDEV to version 2.3.1.2 or later immediately
  • Review any applications that integrate iccDEV libraries and plan update schedules
  • Restrict processing of TIFF files from untrusted sources until patching is complete
  • Implement input validation at the application layer as a defense-in-depth measure

Patch Information

The vulnerability has been addressed in iccDEV version 2.3.1.2. The patch adds explicit validation checks for critical TIFF parameters (m_nRowsPerStrip, m_nSamples, m_nBitsPerSample) immediately after reading them from the file. If any of these values are zero, the file is rejected as corrupt and processing is safely terminated. Additional bounds checking was also added to limit memory allocation when m_nRowsPerStrip exceeds the image height.

For complete patch details, refer to the GitHub Commit Update and the GitHub Security Advisory GHSA-xhrm-79rg-5784.

Workarounds

  • Implement pre-processing validation to check TIFF files for zero-value metadata fields before passing to iccDEV
  • Use sandboxing or containerization for applications processing untrusted TIFF files to limit crash impact
  • Run the TIFF reader in a separate process or worker and treat abnormal termination as a rejected file; a native integer division by zero is a hardware fault (SIGFPE or a Windows structured exception), not a C++ exception, so an in-process try/catch around the call will not contain it
  • Restrict user permissions to prevent opening TIFF files from untrusted sources in production environments
```bash
# Shell check: reject a TIFF whose RowsPerStrip, SamplesPerPixel or BitsPerSample tag
# is missing or zero before an unpatched iccDEV tool opens it. tiffinfo is libtiff's
# header dump (it never enters iccDEV) and prints a tag line only when the tag is
# present, so an absent tag fails the check as well.
tiff_tags_ok() {
  tiffinfo "$1" 2>/dev/null | awk '
    /Rows\/Strip:/    { r = $2 }      # "(infinite)" means 2^32-1, not zero
    /Samples\/Pixel:/ { s = $2 }
    /Bits\/Sample:/   { b = $2 }
    END { if (r == "" || s == "" || b == "" || (r != "(infinite)" && r + 0 == 0) ||
              s + 0 == 0 || b + 0 == 0) exit 1 }'
}
tiff_tags_ok image.tiff || { echo "INVALID: image.tiff"; exit 1; }
```
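The following C++ program is an added example, not iccDEV's code, illustrating both the root cause described above and the pre-processing workaround listed here. It parses the first IFD of a classic TIFF, extracts the tags the iccDEV reader depends on, and applies the same zero checks the 2.3.1.2 patch makes before any arithmetic divides by them, going one step further by also rejecting a zero image height (which the patch's clamp would otherwise turn back into a zero RowsPerStrip). Tag numbers and the IFD layout come from the TIFF 6.0 specification; the `TiffParams` struct, the function names, the `stripCount` arithmetic (a stand-in for whatever division the real reader performs) and the `makeTiff` fixture builder, which constructs small in-memory files, including ones with zero-valued tags, purely to exercise the validator, are assumptions for this illustration.

```cpp
// Added example, not iccDEV code: read the TIFF tags the iccDEV reader relies on and
// apply the 2.3.1.2 patch's zero checks (plus a height check) before any division uses
// them. Tag numbers/layout follow TIFF 6.0; names and the makeTiff fixture are illustrative.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct TiffParams { uint32_t width = 0, height = 0, rowsPerStrip = 0, samples = 0, bitsPerSample = 0; };

enum : uint16_t { TAG_WIDTH = 256, TAG_HEIGHT = 257, TAG_BITS_PER_SAMPLE = 258,
                  TAG_SAMPLES_PER_PIXEL = 277, TAG_ROWS_PER_STRIP = 278, TYPE_SHORT = 3, TYPE_LONG = 4 };

static uint32_t rd16(const uint8_t* p, bool le) { return le ? (p[0] | p[1] << 8) : (p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t* p, bool le) { return le ? (rd16(p, le) | rd16(p + 2, le) << 16) : (rd16(p, le) << 16 | rd16(p + 2, le)); }

// Reads the five tags from the first IFD. Returns false if the header or IFD is structurally
// broken; an absent tag simply stays zero, so the validator below rejects it.
static bool readTiffParams(const std::vector<uint8_t>& f, TiffParams& out) {
    if (f.size() < 8 || ((f[0] != 'I' || f[1] != 'I') && (f[0] != 'M' || f[1] != 'M'))) return false;
    bool le = f[0] == 'I';
    if (rd16(&f[2], le) != 42) return false;                 // classic TIFF only (BigTIFF is 43)
    uint64_t ifd = rd32(&f[4], le);
    if (ifd + 2 > f.size()) return false;
    uint32_t n = rd16(&f[ifd], le);
    if (ifd + 2 + uint64_t(n) * 12 > f.size()) return false;
    for (uint32_t i = 0; i < n; ++i) {
        const uint8_t* e = &f[ifd + 2 + i * 12];
        uint32_t tag = rd16(e, le), type = rd16(e + 2, le), count = rd32(e + 4, le);
        if (count == 0 || (type != TYPE_SHORT && type != TYPE_LONG)) continue;
        uint64_t size = (type == TYPE_SHORT ? 2 : 4) * uint64_t(count);
        const uint8_t* v = e + 8;                            // inline when it fits in 4 bytes,
        if (size > 4) {                                      // otherwise stored at an offset
            uint64_t off = rd32(e + 8, le);
            if (off + size > f.size()) return false;
            v = &f[off];
        }
        // Take the first element of multi-valued tags (BitsPerSample has one per channel).
        uint32_t val = type == TYPE_SHORT ? rd16(v, le) : rd32(v, le);
        switch (tag) {
            case TAG_WIDTH:             out.width = val; break;
            case TAG_HEIGHT:            out.height = val; break;
            case TAG_BITS_PER_SAMPLE:   out.bitsPerSample = val; break;
            case TAG_SAMPLES_PER_PIXEL: out.samples = val; break;
            case TAG_ROWS_PER_STRIP:    out.rowsPerStrip = val; break;
        }
    }
    return true;
}

// The patch's check, plus a height check: the patch clamps RowsPerStrip to the image
// height after its zero test, so a zero height would re-create the zero divisor.
static bool validateTiffParams(TiffParams& p, std::string* why) {
    const char* msg = nullptr;
    if (p.rowsPerStrip == 0 || p.samples == 0 || p.bitsPerSample == 0)
        msg = "zero RowsPerStrip, SamplesPerPixel or BitsPerSample";
    else if (p.width == 0 || p.height == 0) msg = "zero image dimensions";
    if (msg) { if (why) *why = msg; return false; }
    if (p.rowsPerStrip > p.height) p.rowsPerStrip = p.height;   // bound the strip buffer
    return true;
}

// The kind of arithmetic the reader does once it trusts the tags; the divisor is the field a crafted file zeroes.
static uint32_t stripCount(const TiffParams& p) {
    return uint32_t((uint64_t(p.height) + p.rowsPerStrip - 1) / p.rowsPerStrip);
}

// Gate for untrusted input: returns 0 for a rejected file, otherwise its strip count.
uint32_t safeStripCount(const std::vector<uint8_t>& file, std::string* why = nullptr) {
    TiffParams p;
    if (!readTiffParams(file, p)) { if (why) *why = "malformed TIFF header or IFD"; return 0; }
    return validateTiffParams(p, why) ? stripCount(p) : 0;
}

// Constructed fixture: a little-endian classic TIFF header and one IFD holding only the
// five tags above, so the checks can be exercised without any file on disk.
std::vector<uint8_t> makeTiff(uint32_t width, uint32_t height, uint16_t bits, uint16_t samples, uint32_t rowsPerStrip) {
    std::vector<uint8_t> f = {'I', 'I', 42, 0, 8, 0, 0, 0};   // "II", magic 42, first IFD at offset 8
    auto put16 = [&](uint32_t v) { f.push_back(v & 0xff); f.push_back((v >> 8) & 0xff); };
    auto put32 = [&](uint32_t v) { put16(v & 0xffff); put16(v >> 16); };
    struct Entry { uint16_t tag, type; uint32_t value; };
    const Entry entries[] = {{TAG_WIDTH, TYPE_LONG, width}, {TAG_HEIGHT, TYPE_LONG, height},
                             {TAG_BITS_PER_SAMPLE, TYPE_SHORT, bits}, {TAG_SAMPLES_PER_PIXEL, TYPE_SHORT, samples},
                             {TAG_ROWS_PER_STRIP, TYPE_LONG, rowsPerStrip}};
    put16(5);                                                 // entry count; tags ascend, per spec
    for (const Entry& e : entries) {
        put16(e.tag); put16(e.type); put32(1);                // count 1: value inline, left-justified
        if (e.type == TYPE_SHORT) { put16(e.value); put16(0); } else put32(e.value);
    }
    put32(0);                                                 // no next IFD
    return f;
}

int main() {
    const char* names[] = {"valid 4x4 grey", "RowsPerStrip=0", "BitsPerSample=0", "SamplesPerPixel=0", "ImageLength=0"};
    const std::vector<uint8_t> files[] = {makeTiff(4, 4, 8, 1, 4), makeTiff(4, 4, 8, 1, 0), makeTiff(4, 4, 0, 1, 4),
                                          makeTiff(4, 4, 8, 0, 4), makeTiff(4, 0, 8, 1, 4)};
    for (int i = 0; i < 5; ++i) {
        std::string why;
        uint32_t strips = safeStripCount(files[i], &why);
        std::printf("%-18s %s\n", names[i], strips ? "accepted" : why.c_str());
    }
}
```

A rejected file never reaches the division; a file that passes has every divisor the patch guards non-zero and a RowsPerStrip already bounded by the height, so the strip arithmetic is safe. The parser deliberately handles only classic (non-Big) TIFF and the first IFD, which is all the fixture produces; in a real gate, anything it cannot parse should be rejected rather than passed through, exactly as the patch does for corrupt parameters.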

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: DoS
  • Vendor/Tech: iccDEV
  • Severity: MEDIUM
  • CVSS Score: 5.5
  • EPSS Probability: 0.02%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Assessment

  • Confidentiality: None
  • Integrity: None
  • Availability: High

CWE References

  • CWE-20

Technical References

  • GitHub Commit Update
  • GitHub Security Advisory GHSA-xhrm-79rg-5784

Related CVEs

  • CVE-2026-31794: iccDEV Library DoS Vulnerability
  • CVE-2026-31792: iccDEV Library DoS Vulnerability
  • CVE-2026-31793: iccDEV ICC Color Management DoS Flaw
  • CVE-2026-25503: iccDEV ICC Profile DoS Vulnerability
©2026 SentinelOne, All Rights Reserved.