
CVE-2026-24403

Severity: High · Public PoC

Published: 24 January 2026
Modified: 30 January 2026
KEV Added: not listed
Patch: available (fixed in 2.3.1.2)
CVSS v3.1 score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)
EPSS score: 0.0040 (31.2nd percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-24403 is a high-severity Improper Input Validation (CWE-20) vulnerability in Color Iccdev. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 31.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24403 is an integer overflow vulnerability in the iccDEV library, which provides tools and libraries for interacting with, manipulating, and applying ICC color management profiles. The flaw resides in the icValidateStatus CIccProfile::CheckHeader() function in versions 2.3.1.1 and prior, where user-controllable input from profile data is handled unsafely. Attackers can tamper with tag tables, offsets, or size fields to cause parsing errors, memory corruption, denial of service (DoS), or potentially arbitrary code execution and application logic bypass. The vulnerability is associated with CWE-20 (Improper Input Validation) and CWE-190 (Integer Overflow or Wraparound), earning a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H).

Any remote attacker can exploit this vulnerability by crafting a malicious ICC profile and tricking a user into processing it through an application that uses iccDEV, such as color management tools or software handling ICC profiles. Exploitation requires user interaction, like opening a file, but needs no privileges and has low complexity over a network vector. Successful attacks primarily yield high availability impact via DoS from memory corruption, with low integrity impact and no confidentiality loss, potentially escalating to code execution if chained with other flaws.

The issue has been addressed in iccDEV version 2.3.1.2. Official mitigation details are available in the project's GitHub security advisory (GHSA-ph33-qp8j-5q34), related issue tracker (#505), and the fixing commit (d993997005449a0a6958e65b057bd25e17dff89), recommending immediate upgrade to the patched version for affected deployments.
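The paragraphs above describe the bug class (a tampered tag-table offset or size field driving an integer overflow in a bounds check) without quoting the code. The following is an added illustration written for this page, not iccDEV's code and not the exact expression in CIccProfile::CheckHeader(): it contrasts the generic CWE-190 check `offset + size <= len`, which wraps at 32 bits, with an overflow-safe form, and runs both over a constructed minimal ICC profile whose single tag entry is tampered as described. The ICC layout it relies on (128-byte header, 4-byte big-endian tag count, 12-byte entries of signature/offset/size) is from the ICC specification; the function names and the sample buffer are this example's own.

```c
#include <stdint.h>
#include <string.h>

/* ICC layout used here: 128-byte header, 4-byte big-endian tag count, then
 * 12-byte tag entries (signature, offset, size); offsets count from byte 0. */
#define ICC_HEADER_SIZE 128u
#define ICC_TAG_ENTRY_SIZE 12u
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* Weak check of the CWE-190 kind: offset + size wraps at 32 bits, so a tampered
 * entry passes and a later read of the tag data lands outside the buffer. */
int tag_in_bounds_weak(uint32_t offset, uint32_t size, uint32_t profile_len) {
    return offset + size <= profile_len;
}

/* Overflow-safe form: never form offset + size; compare the parts instead. */
int tag_in_bounds_safe(uint32_t offset, uint32_t size, uint32_t profile_len) {
    return size <= profile_len && offset <= profile_len - size;
}

/* Validate the tag table of an in-memory profile. Returns the tag count, or -1
 * if the table does not fit the buffer or any entry points outside it. */
int validate_tag_table(const uint8_t *buf, size_t len) {
    if (len < ICC_HEADER_SIZE + 4 || len > UINT32_MAX) return -1;
    uint32_t plen = (uint32_t)len, count = be32(buf + ICC_HEADER_SIZE);
    /* 64-bit arithmetic so a huge tag count cannot wrap the table size. */
    uint64_t table_end = ICC_HEADER_SIZE + 4 + (uint64_t)count * ICC_TAG_ENTRY_SIZE;
    if (table_end > plen) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER_SIZE + 4 + i * ICC_TAG_ENTRY_SIZE;
        if (!tag_in_bounds_safe(be32(e + 4), be32(e + 8), plen)) return -1;
    }
    return (int)count;
}

/* Constructed 160-byte sample: one 'desc' tag of 16 bytes at offset 144. With
 * tampered != 0 the offset is set so that offset + size wraps around to 16. */
size_t build_sample_profile(uint8_t out[160], int tampered) {
    memset(out, 0, 160);
    put_be32(out, 160);                                 /* header: profile size */
    put_be32(out + ICC_HEADER_SIZE, 1);                 /* tag count */
    memcpy(out + 132, "desc", 4);                       /* tag signature */
    put_be32(out + 136, tampered ? 0xFFFFFFF0u : 144u); /* tag offset */
    put_be32(out + 140, tampered ? 0x20u : 16u);        /* tag size */
    return 160;
}
```

On the tampered sample the weak check accepts the entry because the sum wraps to 16, while the safe check and `validate_tag_table` reject it; a validator of this shape is what NIST SI-10 asks for at the parsing boundary.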


Vulnerability details

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data unsafely. Tampering with tag tables, offsets, or size fields can trigger parsing errors, memory corruption, or DoS, potentially enabling arbitrary code execution or bypassing application logic. This issue has been fixed in version 2.3.1.2.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Integer overflow in iccDEV library enables arbitrary code execution or DoS via crafted malicious ICC profiles processed by client applications using the library.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21688 (same product: Color Iccdev)
CVE-2026-24407 (same product: Color Iccdev)
CVE-2026-21682 (same product: Color Iccdev)
CVE-2026-21677 (same product: Color Iccdev)
CVE-2026-24406 (same product: Color Iccdev)
CVE-2026-24412 (same product: Color Iccdev)
CVE-2026-21485 (same product: Color Iccdev)
CVE-2026-21693 (same product: Color Iccdev)
CVE-2026-24410 (same product: Color Iccdev)
CVE-2026-21486 (same product: Color Iccdev)

Affected Assets

Vendor: color · Product: iccdev · Versions: ≤ 2.3.1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

Prevent: SI-10 requires validation of information inputs to ensure they are as expected, directly addressing the improper input validation (CWE-20) in CIccProfile::CheckHeader() that allows tampered tag tables, offsets, or sizes to trigger integer overflow.

Prevent: SI-2 mandates timely identification, reporting, and correction of system flaws, enabling prompt patching to version 2.3.1.2, which fixes the integer overflow vulnerability.

Prevent: SI-16 implements memory protection mechanisms such as address space layout randomization and data execution prevention to mitigate memory corruption and potential code execution from the integer overflow.
