Cyber Posture

CVE-2026-24411

High · Public PoC

Published: 24 January 2026
Modified: 30 January 2026
KEV Added: not listed
Patch: fixed in iccDEV 2.3.1.2
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)
EPSS Score: 0.0017 (37.6th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-24411 is a high-severity Improper Input Validation (CWE-20) vulnerability in iccDEV (catalogued as vendor "color", product "iccdev"). Its CVSS v3.1 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its EPSS score places it at the 37.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): directly mandates timely patching of the undefined behavior flaw in iccDEV versions <= 2.3.1.1, as fixed in 2.3.1.2.

SI-10 Information Input Validation (prevent): enforces validation of user-controllable ICC profile inputs to block malformed data that causes improper input handling and undefined behavior in CIccTagXmlSegmentedCurve::ToXml().

Memory protection (prevent): provides memory safeguards against exploitation of undefined behavior, NULL pointer dereferences, and potential code execution from malformed ICC profiles.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Vulnerability exploited remotely via user interaction with malicious ICC profile file, enabling client-side exploitation for code execution, DoS, or data manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Deeper analysis

CVE-2026-24411 is an Undefined Behavior vulnerability in the iccDEV libraries and tools, which are used for interacting with, manipulating, and applying ICC color management profiles. The issue resides in the CIccTagXmlSegmentedCurve::ToXml() function and affects versions 2.3.1.1 and prior. It arises when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs, leading to potential exploitation. The vulnerability is rated with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) and is associated with CWE-20 (Improper Input Validation), CWE-476 (NULL Pointer Dereference), CWE-690 (Unchecked Return Value to NULL Pointer Dereference), and CWE-758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior).

Remote attackers with no privileges can exploit this vulnerability over the network with low complexity, but it requires user interaction, such as opening a malicious ICC profile. Successful exploitation could result in denial of service (high availability impact), data manipulation (low integrity impact), bypassing application logic, or even code execution, depending on the context of the affected software processing the profile.
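The CWE-690 to CWE-476 chain described above, as an added illustration that is not iccDEV's code and does not reproduce CIccTagXmlSegmentedCurve::ToXml(): a hypothetical segment factory returns nullptr for a type signature it does not recognise, the vulnerable loader stores that nullptr and the vulnerable writer dereferences it, while the hardened loader checks the factory's return value and the hardened writer refuses to serialise a curve containing a null entry. All names, the 'parf' signature and the (signature, a, b) record layout are assumptions made for the example.

```cpp
// Added example, not iccDEV code: the CWE-690 / CWE-476 shape of a
// ToXml()-style serializer. A factory builds segment objects from a type
// signature read out of the profile and returns nullptr for an unknown
// type; the unchecked loader stores that nullptr and the unchecked writer
// dereferences it. Names and the 'parf' signature are assumptions.
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <tuple>
#include <vector>

namespace curve_demo {

struct Segment {
    virtual ~Segment() = default;
    virtual std::string toXml() const = 0;
};

struct FormulaSegment : Segment {
    double a = 0.0, b = 0.0;
    std::string toXml() const override {
        return "<FormulaSegment a=\"" + std::to_string(a) +
               "\" b=\"" + std::to_string(b) + "\"/>";
    }
};

constexpr uint32_t kFormulaSig = 0x70617266;  // 'parf' (hypothetical)

// Factory: nullptr for unrecognised signatures. That return value is
// exactly what CWE-690 says the caller fails to check.
std::unique_ptr<Segment> makeSegment(uint32_t sig, double a, double b) {
    if (sig != kFormulaSig) return nullptr;
    auto s = std::make_unique<FormulaSegment>();
    s->a = a;
    s->b = b;
    return s;
}

struct SegmentedCurve {
    std::vector<std::unique_ptr<Segment>> segments;
};

// Constructed input: (type signature, a, b) records as a loader would
// decode them from the profile's tag data.
using Record = std::tuple<uint32_t, double, double>;

// Vulnerable loader: stores whatever the factory returned, nullptr included.
SegmentedCurve loadCurve(const std::vector<Record>& recs) {
    SegmentedCurve c;
    for (const auto& r : recs)
        c.segments.push_back(makeSegment(std::get<0>(r), std::get<1>(r), std::get<2>(r)));
    return c;
}

// Vulnerable writer: dereferences each stored pointer. With a nullptr in
// the vector this is undefined behaviour (in practice a crash, i.e. DoS).
std::string toXmlUnchecked(const SegmentedCurve& c) {
    std::string out = "<SegmentedCurve>";
    for (const auto& s : c.segments) out += s->toXml();  // s may be nullptr
    return out + "</SegmentedCurve>";
}

// Fix at the source: check the factory's return value and reject the
// whole profile instead of storing a nullptr.
bool loadCurveChecked(const std::vector<Record>& recs, SegmentedCurve& c) {
    c.segments.clear();
    for (const auto& r : recs) {
        auto s = makeSegment(std::get<0>(r), std::get<1>(r), std::get<2>(r));
        if (!s) { c.segments.clear(); return false; }  // unknown segment type
        c.segments.push_back(std::move(s));
    }
    return true;
}

// Defence in depth at the use site: never dereference without a check, so
// a curve that reached the writer by another path still cannot crash it.
bool toXmlChecked(const SegmentedCurve& c, std::string& out) {
    out = "<SegmentedCurve>";
    for (const auto& s : c.segments) {
        if (!s) { out.clear(); return false; }
        out += s->toXml();
    }
    out += "</SegmentedCurve>";
    return true;
}

}  // namespace curve_demo

int main() {
    using namespace curve_demo;
    std::vector<Record> good = {Record{kFormulaSig, 1.0, 2.0}};
    std::vector<Record> bad  = {Record{kFormulaSig, 1.0, 2.0}, Record{0x41414141u, 0.0, 0.0}};
    SegmentedCurve c;
    std::string xml;
    std::printf("good loads: %d\n", loadCurveChecked(good, c));
    std::printf("good xml:   %s\n", toXmlChecked(c, xml) ? xml.c_str() : "(rejected)");
    std::printf("bad loads:  %d\n", loadCurveChecked(bad, c));
    SegmentedCurve leaky = loadCurve(bad);  // nullptr now sits in segments[1]
    std::printf("bad xml:    %s\n", toXmlChecked(leaky, xml) ? xml.c_str() : "(rejected)");
    // toXmlUnchecked(leaky) would be the CVE-style null dereference.
    return 0;
}
```

The load-time check is the real fix for a CWE-690 pattern; the writer-side check is cheap insurance for objects that may be constructed by more than one code path, which is common in a library that both parses binary profiles and builds them from XML.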

Mitigation is available via an update to iccDEV version 2.3.1.2, as detailed in the project's GitHub security advisory (GHSA-x53f-7h27-9fc8), issue tracker (#499), and the fixing commit (d6d6f51a999d4266ec09347cac7e0930d6e02eec). Security practitioners should advise users of affected applications to apply this patch promptly and validate ICC profiles from untrusted sources.
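For the advice to validate ICC profiles from untrusted sources, here is an added example (my own code, not part of iccDEV or the advisory) of a structural pre-filter that checks only the ICC container framing before any full parser sees the bytes: the 128-byte header, the 'acsp' signature at offset 36, the declared size, and the bounds of every tag-table entry, with all arithmetic on attacker-controlled fields done in 64 bits so that oversized counts, offsets and sizes cannot wrap around a 32-bit comparison. The layout facts come from the ICC specification; the function names, the strict size-equality policy and the constructed sample profiles are assumptions made for the example.

```cpp
// Added example, not iccDEV code: a structural pre-filter for ICC profiles
// from untrusted sources. It checks the fixed 128-byte header, the 'acsp'
// signature, the declared size and the tag-table bounds; it does not
// interpret tag contents, so it is a gate in front of a full parser.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

namespace icc_prefilter {

constexpr size_t kHeaderSize = 128;     // fixed ICC header length
constexpr size_t kTagEntrySize = 12;    // signature, offset, size: 4-byte big-endian each
constexpr uint32_t kAcsp = 0x61637370;  // 'acsp' at header offset 36

static uint32_t be32(const std::vector<uint8_t>& b, size_t off) {
    return (uint32_t(b[off]) << 24) | (uint32_t(b[off + 1]) << 16) |
           (uint32_t(b[off + 2]) << 8) | uint32_t(b[off + 3]);
}

// Empty string means the framing is sound; otherwise a reason for the log.
// Arithmetic on attacker-controlled fields is done in 64 bits so a huge
// count, offset or size cannot wrap and slip past a 32-bit comparison.
std::string checkProfile(const std::vector<uint8_t>& p) {
    if (p.size() < kHeaderSize + 4) return "shorter than header plus tag count";
    if (be32(p, 36) != kAcsp) return "missing 'acsp' signature";
    const uint32_t declared = be32(p, 0);
    if (declared != p.size())
        return "declared size " + std::to_string(declared) + " != actual " + std::to_string(p.size());
    const uint32_t count = be32(p, kHeaderSize);
    const uint64_t tableEnd = uint64_t(kHeaderSize) + 4 + uint64_t(count) * kTagEntrySize;
    if (tableEnd > p.size())
        return "tag table of " + std::to_string(count) + " entries exceeds profile";
    for (uint32_t i = 0; i < count; ++i) {
        const size_t e = kHeaderSize + 4 + size_t(i) * kTagEntrySize;
        const uint32_t off = be32(p, e + 4), sz = be32(p, e + 8);
        const std::string tag = "tag " + std::to_string(i);
        if (sz < 8) return tag + " too small for type signature and reserved bytes";
        if (off % 4 != 0) return tag + " offset not 4-byte aligned";
        if (off < tableEnd) return tag + " data overlaps header or tag table";
        if (uint64_t(off) + sz > p.size()) return tag + " data runs past end of profile";
    }
    return "";
}

static void put32(std::vector<uint8_t>& b, size_t off, uint32_t v) {
    b[off] = uint8_t(v >> 24); b[off + 1] = uint8_t(v >> 16);
    b[off + 2] = uint8_t(v >> 8); b[off + 3] = uint8_t(v);
}

// Constructed sample: header + one tag-table entry + zero-filled data area.
// count, off and sz are parameters so the same builder yields well-formed
// and malformed profiles; total is the real byte length and declared size.
std::vector<uint8_t> sampleProfile(uint32_t count, uint32_t off, uint32_t sz, size_t total) {
    const size_t minimum = kHeaderSize + 4 + kTagEntrySize;
    if (total < minimum) total = minimum;  // keep the builder itself in bounds
    std::vector<uint8_t> p(total, 0);
    put32(p, 0, uint32_t(total));
    put32(p, 36, kAcsp);
    put32(p, kHeaderSize, count);
    put32(p, kHeaderSize + 4, 0x64657363);  // 'desc' tag signature
    put32(p, kHeaderSize + 8, off);
    put32(p, kHeaderSize + 12, sz);
    return p;
}

}  // namespace icc_prefilter

int main() {
    using namespace icc_prefilter;
    struct Case { const char* name; std::vector<uint8_t> bytes; } cases[] = {
        {"well-formed",        sampleProfile(1, 144, 16, 160)},
        {"size wraps 32-bit",  sampleProfile(1, 144, 0xFFFFFFF0u, 160)},
        {"count wraps 32-bit", sampleProfile(0xFFFFFFFFu, 144, 16, 160)},
        {"points into header", sampleProfile(1, 0, 16, 160)},
    };
    for (const auto& c : cases) {
        std::string why = checkProfile(c.bytes);
        std::printf("%-20s %s\n", c.name, why.empty() ? "accept" : ("reject: " + why).c_str());
    }
    return 0;
}
```

The two "wraps 32-bit" cases are the ones worth keeping in a regression suite: 144 + 0xFFFFFFF0 and 0xFFFFFFFF * 12 both wrap to small values in 32-bit arithmetic and would pass a naive bounds check. Rejecting a declared size that differs from the actual length is deliberately strict for untrusted input; relax it to "declared must not exceed actual" if you need to accept padded files from trusted producers.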

Details

CWE(s)

CWE-20 Improper Input Validation
CWE-476 NULL Pointer Dereference
CWE-690 Unchecked Return Value to NULL Pointer Dereference
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Affected Products

color iccdev ≤ 2.3.1.1 (fixed in 2.3.1.2)

CVEs Like This One

CVE-2026-24410 (same product: Color Iccdev)
CVE-2026-24409 (same product: Color Iccdev)
CVE-2026-24404 (same product: Color Iccdev)
CVE-2026-21683 (same product: Color Iccdev)
CVE-2026-24856 (same product: Color Iccdev)
CVE-2026-21678 (same product: Color Iccdev)
CVE-2026-22046 (same product: Color Iccdev)
CVE-2026-31795 (same product: Color Iccdev)
CVE-2026-21687 (same product: Color Iccdev)
CVE-2026-25582 (same product: Color Iccdev)
