Cyber Posture

CVE-2026-24404

HighPublic PoC

Published: 24 January 2026

Published
24 January 2026
Modified
30 January 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS Score 0.0014 34.5th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorporated into ICC…

more

profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and correction of flaws such as the null pointer dereference in iccDEV, directly addressing the vulnerability via patching to version 2.3.1.2.

SI-10 Information Input Validation good match
prevent

Mandates validation of all user inputs including malicious ICC profile data to prevent unsafe incorporation leading to null pointer dereferences and undefined behavior.

SI-11 Error Handling good match
prevent

Ensures errors from invalid inputs or null pointers are handled without compromising system security, mitigating DoS crashes, data manipulation, and potential code execution.

Security SummaryAI

CVE-2026-24404 is a Null Pointer Dereference and Undefined Behavior vulnerability in the CIccXmlArrayType() function within iccDEV, a set of libraries and tools for interacting with, manipulating, and applying ICC color management profiles. The flaw affects versions 2.3.1.1 and below, where user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs, leading to improper handling. Associated CWEs include CWE-20 (Improper Input Validation), CWE-476 (NULL Pointer Dereference), CWE-690 (Unchecked Return Value to NULL Pointer Dereference), and CWE-758 ( Reliance on Undefined, Unspecified, or Implementation-Defined Behavior). The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H), indicating high availability impact with low integrity impact.

Remote attackers without privileges can exploit this vulnerability by tricking users into processing maliciously crafted ICC profiles or binary blobs via applications that rely on iccDEV for color management. Exploitation requires user interaction, such as opening a file, but can result in denial of service through crashes, data manipulation, bypassing application logic, or even code execution under certain conditions.

The issue has been addressed in iccDEV version 2.3.1.2. Official mitigation details are available in the project's GitHub security advisory (GHSA-hqfg-45jp-hp9f), related issue tracker (#488), and the fixing commit (cd637eb33f0c8055fa54d8776e00555d3d39ef0c), which practitioners should review for patch deployment and upgrade guidance in affected environments.

Details

CWE(s)
CWE-20CWE-476CWE-690CWE-758

Affected Products

color
iccdev
≤ 2.3.1.2

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Vulnerability enables client-side exploitation via malicious ICC profiles for code execution (T1203) and application crashes/DoS (T1499.004), requiring user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References