Cyber Resilience

CVE-2026-31792

High

Published: 10 March 2026

Published
10 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31792 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Color Iccdev. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 2.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31792, published on 2026-03-10, is a null pointer dereference vulnerability (CWE-476) in iccDEV, a set of libraries and tools for working with ICC color management profiles. Versions prior to 2.3.1.5 are affected, with the flaw located in the CIccTagXmlStruct::ParseTag() function. Triggering the vulnerability causes a segmentation fault or denial of service, earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A local attacker can exploit this vulnerability by tricking a user into processing a specially crafted ICC color profile using an affected iccDEV tool or library integration. No privileges are required, though the attack demands low complexity and user interaction, such as opening a malicious file. Successful exploitation leads to high-impact disruption, including application crashes, denial of service, and potential compromise of confidentiality, integrity, and availability.

The vulnerability is addressed in iccDEV version 2.3.1.5. Mitigation involves updating to this patched release. Official details are available in the GitHub security advisory (GHSA-j3mh-rjg5-8gw7), issue #633, pull request #639, and release tag v2.3.1.5.

EU & UK References

Vulnerability details

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerability is fixed in 2.3.1.5.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Malicious ICC profile file requires user interaction to trigger (T1204.002); null dereference enables application/system crash for DoS (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21680Same product: Color Iccdev
CVE-2026-21686Same product: Color Iccdev
CVE-2026-21491Same product: Color Iccdev
CVE-2026-21681Same product: Color Iccdev
CVE-2026-21500Same product: Color Iccdev
CVE-2026-21684Same product: Color Iccdev
CVE-2026-25503Same product: Color Iccdev
CVE-2026-27692Same product: Color Iccdev
CVE-2026-21685Same product: Color Iccdev
CVE-2026-24852Same product: Color Iccdev

Affected Assets

color
iccdev
≤ 2.3.1.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly requires timely identification, reporting, and correction of the null pointer dereference flaw in iccDEV versions prior to 2.3.1.5 to prevent exploitation and enable recovery.

detect

Vulnerability monitoring and scanning identifies the presence of vulnerable iccDEV libraries and tools affected by CVE-2026-31792.

prevent

Proper error handling mitigates the segmentation fault from null pointer dereference in CIccTagXmlStruct::ParseTag() when processing malformed ICC profiles.

References