Cyber Posture

CVE-2026-24852

Severity: Medium
Published: 28 January 2026
Modified: 03 February 2026
CVSS Score: 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)
EPSS Score: 0.0001 (1.4th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-24852 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Color Iccdev. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). Its EPSS exploit-likelihood estimate ranks at the 1.4th percentile (well below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1204.002 Malicious File (Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A malicious ICC profile triggers the over-read when it is opened by the victim application (T1204.002); exploitation directly produces an application crash (DoS) (T1499.004). The heap leak is incidental and does not map cleanly to a specific technique.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the strlen() function attempts to read a non-null-terminated buffer potentially leaking heap memory contents and causing application termination. This vulnerability affects users of the iccDEV library who process ICC color profiles. ICC Profile Injection vulnerabilities arise when user-controllable input is incorporated into ICC profile data or other structured binary blobs in an unsafe manner. Version 2.3.1.2 contains a fix for the issue. No known workarounds are available.

Deeper analysis

CVE-2026-24852 is a heap buffer over-read vulnerability in the iccDEV library, a set of libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions prior to 2.3.1.2, the issue occurs when the strlen() function processes a non-null-terminated buffer, potentially leaking heap memory contents and causing application termination. This affects users of the iccDEV library who process ICC color profiles, with associated CWEs including CWE-122, CWE-125, and CWE-170.
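The strlen()-on-an-unterminated-buffer pattern described above, shown as an added example that is not iccDEV's code: a hypothetical fixed-width text field read with strlen() walks past the field into neighbouring bytes of the same allocation, while the hardened variant bounds the scan with memchr() and rejects a field that carries no terminator. The field layout, BLOB, GOOD_FIELD, FIELD_LEN and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte text field that is NOT required to carry a
   NUL terminator, followed by unrelated data in the same allocation.
   This is a hypothetical stand-in, not iccDEV's on-disk profile format. */
#define FIELD_LEN 8
static const char BLOB[16] = {
    'A','A','A','A','A','A','A','A',        /* field: no terminator inside */
    'S','E','C','R','E','T','\0','\0'       /* adjacent bytes strlen() walks into */
};
static const char GOOD_FIELD[FIELD_LEN] = "desc";  /* remaining bytes are NUL */

/* Vulnerable pattern (CWE-170 leading to CWE-125): strlen() does not know
   where the field ends, so it keeps scanning until it meets a NUL beyond it. */
size_t field_len_unsafe(const char *field) {
    return strlen(field);
}

/* Hardened version: the scan is bounded by the field width via memchr(), a
   field with no terminator is rejected as malformed, and the caller's buffer
   is always NUL-terminated. Returns 0 on success, -1 on rejection. */
int field_copy_safe(const char *field, size_t field_len, char *out, size_t out_len) {
    if (out_len == 0) return -1;
    const char *nul = memchr(field, '\0', field_len);
    if (nul == NULL) { out[0] = '\0'; return -1; }     /* unterminated field */
    size_t n = (size_t)(nul - field);
    if (n + 1 > out_len) { out[0] = '\0'; return -1; } /* would not fit */
    memcpy(out, field, n);
    out[n] = '\0';
    return 0;
}

int main(void) {
    char out[FIELD_LEN + 1];
    printf("strlen() on unterminated field counted %zu bytes (field is %d)\n",
           field_len_unsafe(BLOB), FIELD_LEN);
    printf("safe copy of unterminated field: %d\n",
           field_copy_safe(BLOB, FIELD_LEN, out, sizeof out));
    printf("safe copy of terminated field: %d (\"%s\")\n",
           field_copy_safe(GOOD_FIELD, FIELD_LEN, out, sizeof out), out);
    return 0;
}
```

In the unterminated case strlen() reports 14 bytes for an 8-byte field, which is exactly the extra heap data the advisory describes leaking; with a real heap allocation and no NUL anywhere nearby the scan would instead run off the allocation and crash.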

The vulnerability carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). A local attacker with no privileges can exploit it by tricking a user into processing a malicious ICC profile via an application using the library, resulting in low-impact confidentiality loss through heap memory leakage and high-impact availability disruption from application crashes.

The vulnerability is addressed in iccDEV version 2.3.1.2. The International Color Consortium's GitHub security advisory (GHSA-q8g2-mp32-3j7f), pull request #540, and commit 3092499cd4d0775f4a716b999899f9c26f9bc614 provide details on the fix. No known workarounds are available.

Details

CWE(s): CWE-122, CWE-125, CWE-170

Affected Products

color / iccdev, ≤ 2.3.1.2

CVEs Like This One

CVE-2026-21491 (same product: Color Iccdev)
CVE-2026-27692 (same product: Color Iccdev)
CVE-2026-21488 (same product: Color Iccdev)
CVE-2026-21684 (same product: Color Iccdev)
CVE-2026-21500 (same product: Color Iccdev)
CVE-2026-21494 (same product: Color Iccdev)
CVE-2026-21686 (same product: Color Iccdev)
CVE-2026-21685 (same product: Color Iccdev)
CVE-2026-21490 (same product: Color Iccdev)
CVE-2026-21681 (same product: Color Iccdev)
