Unrated severityNVD Advisory· Published Jan 24, 2026· Updated Jan 26, 2026

iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow

CVE-2026-24403

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data unsafely. Tampering with tag tables, offsets, or size fields can trigger parsing errors, memory corruption, or DoS, potentially enabling arbitrary Code Execution or bypassing application logic. This issue has been fixed in version 2.3.1.2.

Affected products

iccDEV/iccDEVllm-fuzzy
Range: <=2.3.1.1
InternationalColorConsortium/iccDEVv5
Range: < 2.3.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/InternationalColorConsortium/iccDEV/commits/d993997005449a0a6958e65b057bd25e17dff89mitrex_refsource_MISC
github.com/InternationalColorConsortium/iccDEV/issues/505mitrex_refsource_MISC
github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-ph33-qp8j-5q34mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000