Cyber Posture

CVE-2026-24405

Severity: High · Public PoC

Published: 24 January 2026
Modified: 30 January 2026
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (34.3rd percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a heap buffer overflow vulnerability in CIccMpeCalculator::Read(). It occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to cause a denial of service, manipulate data, bypass application logic, or achieve code execution. This issue has been fixed in version 2.3.1.2.

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 (prevent): requires timely flaw remediation, directly mitigating this CVE by mandating upgrades from vulnerable iccDEV versions 2.3.1.1 and below to the patched 2.3.1.2.

SI-10 (prevent): enforces information input validation, addressing the root cause of improper bounds checking on user-controllable ICC profile data in CIccMpeCalculator::Read().

SI-16 (prevent): implements memory protections that hinder exploitation of the heap buffer overflow for code execution, data manipulation, or DoS even if input validation fails.

Security Summary [AI]

CVE-2026-24405 is a heap buffer overflow vulnerability in the iccDEV library, which provides tools and libraries for interacting with, manipulating, and applying ICC color management profiles. The flaw resides in the CIccMpeCalculator::Read() function and affects versions 2.3.1.1 and prior. It arises when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs, leading to improper bounds checking as indicated by associated CWE-20 (Improper Input Validation) and CWE-122 (Heap-based Buffer Overflow). The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Remote attackers without privileges can exploit this vulnerability by tricking users into processing a specially crafted ICC profile, such as via email attachments, web downloads, or applications that handle color profiles. Successful exploitation requires user interaction but enables denial of service through crashes, data manipulation, bypassing application logic, and potential remote code execution with high impacts on confidentiality, integrity, and availability.

The issue has been addressed in iccDEV version 2.3.1.2, as detailed in the project's GitHub security advisory (GHSA-2r5c-5w66-47vv), issue tracker (#479), and the fixing commit (d22fc174866e2521f8a5f9393fab5be306329f62). Security practitioners should prioritize upgrading affected iccDEV instances and validate inputs when parsing ICC profiles to mitigate risks.

Details

CWE(s): CWE-20 (Improper Input Validation), CWE-122 (Heap-based Buffer Overflow)

Affected Products: color / iccdev, ≤ 2.3.1.2

MITRE ATT&CK Enterprise Techniques [AI]

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1566.001 Spearphishing Attachment (tactic: Initial Access)
Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.
Why these techniques?

The heap buffer overflow is triggered when a user opens a crafted ICC profile delivered as an email attachment or download, which maps to client-side exploitation (T1203) and spearphishing-attachment delivery (T1566.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
