Cyber Posture

CVE-2026-24412

Severity: High · Public PoC

Published: 24 January 2026

Modified: 30 January 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (34.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a heap buffer overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to cause a denial of service, manipulate data, bypass application logic, or execute code. This issue has been fixed in version 2.3.1.2.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

Prevent: SI-2 requires timely flaw remediation, directly mitigating this CVE by applying the patch to iccDEV version 2.3.1.2 that fixes the heap buffer overflow.

Prevent: SI-10 enforces information input validation, preventing exploitation by validating user-controllable ICC profile data before processing in the ToXml() function.

Prevent: SI-16 implements memory protection mechanisms like ASLR and DEP, reducing the impact of heap buffer overflows by limiting memory corruption and code execution.

Security Summary [AI-generated]

CVE-2026-24412 is a heap buffer overflow vulnerability in the iccDEV library, which provides tools and libraries for interacting with, manipulating, and applying ICC color management profiles. The flaw resides in the CIccTagXmlSegmentedCurve::ToXml() function and affects versions 2.3.1.1 and earlier. It arises when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs, leading to potential memory corruption. The vulnerability is rated 8.8 on the CVSS 3.1 scale (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-20 (Improper Input Validation) and CWE-122 (Heap-based Buffer Overflow).

Attackers can exploit this vulnerability remotely over the network with low complexity and no required privileges, though user interaction is necessary, such as convincing a victim to process a malicious ICC profile. Exploitation enables denial of service, data manipulation, bypassing application logic, and arbitrary code execution, with high impacts on confidentiality, integrity, and availability.

Mitigation is available via an upgrade to iccDEV version 2.3.1.2, which addresses the issue as detailed in the project's GitHub security advisory (GHSA-6rf4-63j2-cfrf), related issue tracker (#518), and fixing commit (2be3b125933a57fe8b6624e9dfd69d8e5360bf70). Security practitioners should audit dependent applications handling ICC profiles for vulnerable versions and apply patches promptly.

Details

CWE(s)

CWE-20 (Improper Input Validation), CWE-122 (Heap-based Buffer Overflow)

Affected Products

color iccdev ≤ 2.3.1.2

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The heap buffer overflow in the iccDEV library enables remote exploitation for client execution (arbitrary code execution) via malicious ICC profiles, requiring user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
