CVE-2026-24407
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Lifecycle Timeline
4Description
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
Analysis
iccDEV versions 2.3.1.1 and earlier allow remote attackers to trigger undefined behavior in the icSigCalcOp() function through malicious ICC color profiles, enabling denial of service, data manipulation, or potential code execution. The vulnerability stems from unsafe handling of user-controllable input in binary profile data, and public exploit code exists. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running iccDEV versions 2.3.1.1 and below; isolate affected systems from critical workflows if patching cannot be completed immediately. Within 7 days: Apply available vendor patch to all affected installations; validate patch deployment across the environment. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today