Unrated severityNVD Advisory· Published Jan 24, 2026· Updated Jan 26, 2026

iccDEV has Heap Buffer Overflow in CIccMpeCalculator::Read()

CVE-2026-24405

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Affected products

iccDEV/iccDEVllm-fuzzy
Range: <=2.3.1.1
InternationalColorConsortium/iccDEVv5
Range: < 2.3.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/InternationalColorConsortium/iccDEV/commit/d22fc174866e2521f8a5f9393fab5be306329f62mitrex_refsource_MISC
github.com/InternationalColorConsortium/iccDEV/issues/479mitrex_refsource_MISC
github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-2r5c-5w66-47vvmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000