CVE-2026-24404

HighPublic PoC

Published: 24 January 2026

Published

24 January 2026

Modified

30 January 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

EPSS Score 0.0014 34.5th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24404 is a high-severity Improper Input Validation (CWE-20) vulnerability in Color Iccdev. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 34.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and correction of flaws such as the null pointer dereference in iccDEV, directly addressing the vulnerability via patching to version 2.3.1.2.

SI-10 Information Input Validation good match

prevent

Mandates validation of all user inputs including malicious ICC profile data to prevent unsafe incorporation leading to null pointer dereferences and undefined behavior.

SI-11 Error Handling good match

prevent

Ensures errors from invalid inputs or null pointers are handled without compromising system security, mitigating DoS crashes, data manipulation, and potential code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Vulnerability enables client-side exploitation via malicious ICC profiles for code execution (T1203) and application crashes/DoS (T1499.004), requiring user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorporated into ICC…

profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Deeper analysisAI

CVE-2026-24404 is a Null Pointer Dereference and Undefined Behavior vulnerability in the CIccXmlArrayType() function within iccDEV, a set of libraries and tools for interacting with, manipulating, and applying ICC color management profiles. The flaw affects versions 2.3.1.1 and below, where user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs, leading to improper handling. Associated CWEs include CWE-20 (Improper Input Validation), CWE-476 (NULL Pointer Dereference), CWE-690 (Unchecked Return Value to NULL Pointer Dereference), and CWE-758 ( Reliance on Undefined, Unspecified, or Implementation-Defined Behavior). The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H), indicating high availability impact with low integrity impact.

Remote attackers without privileges can exploit this vulnerability by tricking users into processing maliciously crafted ICC profiles or binary blobs via applications that rely on iccDEV for color management. Exploitation requires user interaction, such as opening a file, but can result in denial of service through crashes, data manipulation, bypassing application logic, or even code execution under certain conditions.

The issue has been addressed in iccDEV version 2.3.1.2. Official mitigation details are available in the project's GitHub security advisory (GHSA-hqfg-45jp-hp9f), related issue tracker (#488), and the fixing commit (cd637eb33f0c8055fa54d8776e00555d3d39ef0c), which practitioners should review for patch deployment and upgrade guidance in affected environments.

Details

CWE(s): CWE-20 CWE-476 CWE-690 CWE-758

Affected Products

color

iccdev

≤ 2.3.1.2

CVEs Like This One

CVE-2026-24409Same product: Color Iccdev

CVE-2026-24410Same product: Color Iccdev

CVE-2026-24411Same product: Color Iccdev

CVE-2026-21677Same product: Color Iccdev

CVE-2026-24407Same product: Color Iccdev

CVE-2026-30978Same product: Color Iccdev

CVE-2026-21688Same product: Color Iccdev

CVE-2026-21686Same product: Color Iccdev

CVE-2026-21684Same product: Color Iccdev

CVE-2026-21685Same product: Color Iccdev

References

https://github.com/InternationalColorConsortium/iccDEV/commit/cd637eb33f0c8055fa54d8776e00555d3d39ef0c
Patch · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/issues/488
Exploit, Issue Tracking · security-advisories@github.com
https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hqfg-45jp-hp9f
Patch, Vendor Advisory · security-advisories@github.com