CVE-2026-24403
Published: 24 January 2026
Description
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data unsafely. Tampering with tag tables, offsets, or size fields can trigger parsing errors, memory corruption, or DoS, potentially enabling arbitrary code execution or bypassing application logic. This issue has been fixed in version 2.3.1.2.
Mitigating Controls (NIST 800-53 r5)
SI-10 requires validation of information inputs to ensure they are as expected, directly addressing the improper input validation (CWE-20) in CIccProfile::CheckHeader() that allows tampered tag tables, offsets, or sizes to trigger integer overflow.
SI-2 mandates timely identification, reporting, and correction of system flaws, enabling prompt patching to version 2.3.1.2 which fixes the integer overflow vulnerability.
SI-16 implements memory protection mechanisms like address space layout randomization and data execution prevention to mitigate memory corruption and potential code execution from the integer overflow.
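The SI-10 style of input validation described above can be sketched as a pre-parse check on the ICC header size field and tag table, where each entry carries an attacker-controlled 32-bit offset and size. This is an added illustration of the CWE-190 bug class, not iccDEV's code or its patch; the function names and the 256-byte sample are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICC_HEADER_SIZE 128u   /* fixed header length per the ICC specification */
#define ICC_TAG_ENTRY_SIZE 12u /* signature, offset, size: 4 bytes each */

static uint32_t be32(const uint8_t *p) { /* read big-endian 32-bit value */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Naive check: offset + size is computed in 32 bits and can wrap around. */
bool tag_in_bounds_naive(uint32_t offset, uint32_t size, uint32_t profile_size) {
    return offset + size <= profile_size;
}

/* Overflow-safe check: never adds two untrusted values together. */
bool tag_in_bounds_safe(uint32_t offset, uint32_t size, uint32_t profile_size) {
    return offset <= profile_size && size <= profile_size - offset;
}

/* Hypothetical pre-parse validator: true only if the declared profile size
   and every tag entry fit inside the buffer that was actually supplied. */
bool icc_prevalidate(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < ICC_HEADER_SIZE + 4u) return false;
    uint32_t profile_size = be32(buf);             /* header bytes 0..3 */
    if (profile_size > len || profile_size < ICC_HEADER_SIZE + 4u) return false;
    uint32_t count = be32(buf + ICC_HEADER_SIZE);  /* tag count follows header */
    /* Divide rather than multiply so count * 12 cannot wrap. */
    if (count > (profile_size - ICC_HEADER_SIZE - 4u) / ICC_TAG_ENTRY_SIZE) return false;
    uint32_t table_end = ICC_HEADER_SIZE + 4u + count * ICC_TAG_ENTRY_SIZE;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER_SIZE + 4u + (size_t)i * ICC_TAG_ENTRY_SIZE;
        uint32_t offset = be32(e + 4), size = be32(e + 8);
        if (offset < table_end) return false;      /* data overlaps header or table */
        if (!tag_in_bounds_safe(offset, size, profile_size)) return false;
    }
    return true;
}

/* Constructed sample: 256-byte profile holding one tag entry (offset, size). */
void build_sample(uint8_t buf[256], uint32_t offset, uint32_t size) {
    memset(buf, 0, 256);
    put_be32(buf, 256); put_be32(buf + ICC_HEADER_SIZE, 1);
    put_be32(buf + 136, offset); put_be32(buf + 140, size);
}
```

Rejecting a profile at this stage keeps wrapped offsets and sizes from reaching the parser; it complements, and does not replace, upgrading to 2.3.1.2.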
Security Summary
CVE-2026-24403 is an integer overflow vulnerability in the iccDEV library, which provides tools and libraries for interacting with, manipulating, and applying ICC color management profiles. The flaw resides in the icValidateStatus CIccProfile::CheckHeader() function in versions 2.3.1.1 and prior, where user-controllable input from profile data is handled unsafely. Attackers can tamper with tag tables, offsets, or size fields to cause parsing errors, memory corruption, denial of service (DoS), or potentially arbitrary code execution and application logic bypass. The vulnerability is associated with CWE-20 (Improper Input Validation) and CWE-190 (Integer Overflow or Wraparound), earning a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H).
Any remote attacker can exploit this vulnerability by crafting a malicious ICC profile and tricking a user into processing it through an application that uses iccDEV, such as color management tools or software handling ICC profiles. Exploitation requires user interaction, like opening a file, but needs no privileges and has low complexity over a network vector. Successful attacks primarily yield high availability impact via DoS from memory corruption, with low integrity impact and no confidentiality loss, potentially escalating to code execution if chained with other flaws.
The issue has been addressed in iccDEV version 2.3.1.2. Official mitigation details are available in the project's GitHub security advisory (GHSA-ph33-qp8j-5q34), the related issue tracker entry (#505), and the fixing commit (d993997005449a0a6958e65b057bd25e17dff89); the recommended action for affected deployments is an immediate upgrade to the patched version.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Integer overflow in iccDEV library enables arbitrary code execution or DoS via crafted malicious ICC profiles processed by client applications using the library.