CVE-2026-24407

7.1 HIGH

📋 TL;DR

CVE-2026-24407 is an undefined behavior vulnerability in iccDEV's icSigCalcOp() code, reached while evaluating calculator operations from an ICC color profile. An attacker who can get a crafted profile parsed by a vulnerable build triggers it without authentication. Possible outcomes are denial of service, data manipulation, logic bypass and, in the worst case, remote code execution; in practice undefined behavior of this kind most often ends in a crash. It affects iccDEV 2.3.1.1 and earlier, and therefore every application that links the iccDEV libraries and processes untrusted ICC profiles.

💻 Affected Systems

Products:
  • iccDEV
Versions: 2.3.1.1 and below
Operating Systems: All platforms running iccDEV
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using iccDEV libraries to process ICC color profiles is vulnerable when handling untrusted input

📦 What is this software?

iccDEV is the International Color Consortium's open-source reference implementation of the ICC profile specifications (ICC.1 v4 and iccMAX/ICC.2), published at github.com/InternationalColorConsortium/iccDEV. Its core is the IccProfLib C++ library, which parses, validates and applies profiles, plus command-line tools built on it (iccDumpProfile, iccApplyProfiles and others). Applications embed IccProfLib to read color profiles, so the exposure sits in whichever program feeds it untrusted files rather than in a standalone service.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution in the context of the process that parses the profile, if the undefined behavior proves controllable; a profile-processing service running with broad privileges would then be fully compromised

🟠

Likely Case

Denial of service or application crashes when processing malformed ICC profiles

🟢

If Mitigated

Limited impact with proper input validation and sandboxing of profile processing

🌐 Internet-Facing: MEDIUM - Requires processing of attacker-controlled ICC profiles, which could come from uploads or external sources
🏢 Internal Only: LOW - Typically requires local file processing or specific workflow integration

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profiles and getting them processed by vulnerable systems

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-m6gx-93cp-4855

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later.
2. Rebuild and re-link every application that uses the iccDEV libraries; statically linked copies do not pick up the fix on their own.
3. Restart affected services so the updated library is actually loaded.

🔧 Temporary Workarounds

Input validation for ICC profiles

Platform: all

Reject malformed profiles before IccProfLib sees them: check the 'acsp' signature, the declared profile size against the actual file size, and that every tag table entry lies inside the file. If the deployment does not need iccMAX (ICC.2) profiles, reject them outright, since calculator elements only exist in that profile format. This narrows the attack surface but does not fix the bug.
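The pre-check described above, as an added example written for this page (it is not iccDEV's or IccProfLib's own code). It walks the ICC header and tag table using the field offsets from the ICC profile specification (profile size at byte 0, version major at byte 8, 'acsp' at byte 36, tag count at byte 128, 12-byte tag entries after it, all big-endian) and rejects anything structurally inconsistent. In strict mode it also rejects iccMAX profiles and multiProcessElementsType ('mpet') tag data, which is where calculator elements live; that policy is a choice for deployments that never need iccMAX, not a fix for the bug. The sample profile built by make_sample_profile is constructed for the example and is not a usable color profile.

```cpp
// Added example (not iccDEV code): structural pre-check of an ICC profile
// byte buffer before it is handed to IccProfLib. Layout: 128-byte header,
// 4-byte tag count, then 12-byte tag table entries (sig, offset, size).
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

struct IccPrecheck {
    bool ok;
    std::string reason;
};

constexpr size_t kTagCountOff  = 128;  // tag count follows the 128-byte header
constexpr size_t kTagTableOff  = 132;
constexpr size_t kTagEntrySize = 12;

static uint32_t be32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8)  |  uint32_t(p[3]);
}

static void put32(std::vector<uint8_t>& v, size_t at, uint32_t x) {
    v[at] = uint8_t(x >> 24); v[at + 1] = uint8_t(x >> 16);
    v[at + 2] = uint8_t(x >> 8); v[at + 3] = uint8_t(x);
}

// strict == true adds a content policy on top of the structural checks:
// calculator elements (what icSigCalcOp processing evaluates) are an iccMAX
// feature, so profiles with header major version 5 or higher are rejected,
// as is any tag whose data is a multiProcessElementsType ('mpet').
IccPrecheck precheck_icc_profile(const std::vector<uint8_t>& buf, bool strict) {
    if (buf.size() < kTagTableOff)
        return {false, "too short for header and tag count"};
    if (std::memcmp(buf.data() + 36, "acsp", 4) != 0)
        return {false, "missing 'acsp' profile signature"};
    if (be32(buf.data()) != buf.size())   // relax to <= if your ingest pads files
        return {false, "declared profile size does not match buffer size"};
    if (strict && buf[8] >= 5)
        return {false, "iccMAX (v5+) profile rejected by policy"};

    const uint32_t count = be32(buf.data() + kTagCountOff);
    if (count > (buf.size() - kTagTableOff) / kTagEntrySize)
        return {false, "tag count exceeds buffer"};
    const size_t table_end = kTagTableOff + size_t(count) * kTagEntrySize;

    for (uint32_t i = 0; i < count; ++i) {
        const uint8_t* e   = buf.data() + kTagTableOff + size_t(i) * kTagEntrySize;
        const uint32_t off = be32(e + 4);
        const uint32_t sz  = be32(e + 8);
        if (off < table_end)
            return {false, "tag data overlaps header or tag table"};
        if (off > buf.size() || sz > buf.size() - off)
            return {false, "tag data extends past end of buffer"};
        if (sz < 8)
            return {false, "tag data too small for type signature and reserved field"};
        if (strict && std::memcmp(buf.data() + off, "mpet", 4) == 0)
            return {false, "multiProcessElementsType tag rejected by policy"};
    }
    return {true, "ok"};
}

// Constructed sample (not a real profile): minimal header plus one tag whose
// data block starts with the given type signature.
std::vector<uint8_t> make_sample_profile(uint8_t major, const char* tag_type) {
    const size_t data_off = kTagTableOff + kTagEntrySize;  // one entry -> 144
    const size_t data_sz  = 12;
    std::vector<uint8_t> v(data_off + data_sz, 0);
    put32(v, 0, uint32_t(v.size()));
    v[8] = major;
    std::memcpy(v.data() + 36, "acsp", 4);
    put32(v, kTagCountOff, 1);
    std::memcpy(v.data() + kTagTableOff, "desc", 4);
    put32(v, kTagTableOff + 4, uint32_t(data_off));
    put32(v, kTagTableOff + 8, uint32_t(data_sz));
    std::memcpy(v.data() + data_off, tag_type, 4);
    return v;
}

// Exercises the rejection paths on corrupted copies of the sample.
bool precheck_self_test() {
    std::vector<uint8_t> good = make_sample_profile(2, "desc");
    if (!precheck_icc_profile(good, true).ok) return false;

    std::vector<uint8_t> truncated = good;
    truncated.pop_back();                       // size no longer matches header
    if (precheck_icc_profile(truncated, true).ok) return false;

    std::vector<uint8_t> bad_offset = good;
    put32(bad_offset, kTagTableOff + 4, 4096);  // tag points outside the file
    if (precheck_icc_profile(bad_offset, true).ok) return false;

    std::vector<uint8_t> too_many = good;
    put32(too_many, kTagCountOff, 1000);        // table would run past the end
    if (precheck_icc_profile(too_many, true).ok) return false;
    return true;
}

int main() {
    IccPrecheck r = precheck_icc_profile(make_sample_profile(5, "desc"), true);
    std::printf("v5 profile, strict: %s (%s)\n", r.ok ? "accepted" : "rejected", r.reason.c_str());
    std::printf("self-test: %s\n", precheck_self_test() ? "pass" : "FAIL");
    return 0;
}
```

Run the check on the raw upload before any IccProfLib call; a rejection is a policy decision, not proof of an exploit attempt, so log the reason and the source but do not treat it as a detection on its own.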

Sandbox profile processing

Platform: all

Parse and apply untrusted profiles in a separate, low-privilege process (or container) with memory and CPU limits, so a crash or hang in the profile parser ends that process rather than the host application, and any code execution lands in a minimal environment.
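One way to get that isolation from inside a C++ application that embeds IccProfLib, as an added example that is not iccDEV's own code: fork a throwaway child, clamp its CPU time, address space, process count and core dumps with setrlimit, forbid privilege gains with PR_SET_NO_NEW_PRIVS (Linux only), run the profile operation there and let the parent read back only an exit status. The parse_* functions are stand-ins constructed for the example; in a real deployment the work callback would load and apply the profile. A seccomp filter or a separate container is the stronger form of the same idea.

```cpp
// Added example (not iccDEV code): run one untrusted-profile operation in a
// throwaway child process with hard resource limits, so a crash, hang or
// memory blow-up inside the profile parser kills the child instead of the
// host application. POSIX fork/rlimit; PR_SET_NO_NEW_PRIVS is Linux-only.
#include <csignal>
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

enum class IsolatedResult { Ok, Failed, Crashed, ResourceLimit, SpawnError };

struct IsolationLimits {
    unsigned cpu_seconds;   // RLIMIT_CPU: a runaway calculator loop gets SIGXCPU
    rlim_t   address_space; // RLIMIT_AS: cap on virtual memory (RLIM_INFINITY to skip)
};

static void apply_limits(const IsolationLimits& lim) {
    rlimit cpu{lim.cpu_seconds, lim.cpu_seconds + 1};
    setrlimit(RLIMIT_CPU, &cpu);
#ifdef RLIMIT_AS
    rlimit as{lim.address_space, lim.address_space};
    setrlimit(RLIMIT_AS, &as);
#endif
    rlimit core{0, 0};
    setrlimit(RLIMIT_CORE, &core);    // no core dumps of attacker-controlled memory
    rlimit nproc{0, 0};
    setrlimit(RLIMIT_NPROC, &nproc);  // child cannot spawn further processes
#ifdef __linux__
    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);  // setuid/capabilities cannot be regained
#endif
}

// work() runs in the child; its return value (0 = success) becomes the exit
// status. The parent only ever sees that status, never the child's memory,
// so corrupted parser state cannot leak back into the host process.
IsolatedResult run_isolated(const std::function<int()>& work, const IsolationLimits& lim) {
    std::fflush(nullptr);  // avoid duplicated buffered output after fork
    pid_t pid = fork();
    if (pid < 0) return IsolatedResult::SpawnError;
    if (pid == 0) {
        apply_limits(lim);
        int rc = 1;
        try { rc = work(); } catch (...) { rc = 1; }
        _exit(rc & 0xff);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return IsolatedResult::SpawnError;
    if (WIFSIGNALED(status)) {
        int sig = WTERMSIG(status);
        return (sig == SIGXCPU || sig == SIGKILL) ? IsolatedResult::ResourceLimit
                                                  : IsolatedResult::Crashed;
    }
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return IsolatedResult::Ok;
    return IsolatedResult::Failed;
}

// Stand-ins for the real profile operation (constructed for the example).
int parse_ok()      { return 0; }
int parse_fails()   { return 3; }
int parse_crashes() { std::abort(); }
int parse_spins()   { volatile unsigned x = 0; for (;;) x = x + 1; }

const char* describe(IsolatedResult r) {
    switch (r) {
        case IsolatedResult::Ok:            return "ok";
        case IsolatedResult::Failed:        return "rejected by parser";
        case IsolatedResult::Crashed:       return "parser crashed (quarantine the file)";
        case IsolatedResult::ResourceLimit: return "hit CPU/memory limit (quarantine the file)";
        default:                            return "could not spawn worker";
    }
}

int main() {
    IsolationLimits lim{1, rlim_t(1) << 30};  // 1 CPU second, 1 GiB address space
    std::printf("clean parse:   %s\n", describe(run_isolated(parse_ok, lim)));
    std::printf("bad profile:   %s\n", describe(run_isolated(parse_fails, lim)));
    std::printf("crashing:      %s\n", describe(run_isolated(parse_crashes, lim)));
    std::printf("infinite loop: %s\n", describe(run_isolated(parse_spins, lim)));
    return 0;
}
```

Treat Crashed and ResourceLimit as signals worth keeping the offending file for: a crash in the parser is exactly the behavior this CVE produces, and the parent is still alive to record it.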

🧯 If You Can't Patch

  • Implement strict file upload restrictions for ICC profiles
  • Disable automatic processing of untrusted ICC profiles

🔍 How to Verify

Check if Vulnerable:

Identify every application that links iccDEV's IccProfLib (statically or as a shared library) and processes ICC profiles from untrusted sources, then determine which iccDEV release each one was built from.

Check Version:

iccDEV is distributed as source from its GitHub repository and is rarely shipped by distribution package managers, so there is usually no iccdev binary to query. Check the release tag or commit your build came from, or the version string in IccProfLib's version header (IccProfLibVer.h) in the source tree you built against. If your distribution does package it, query that package's version instead. Anything at or below 2.3.1.1 is affected.

Verify Fix Applied:

Confirm the library is at 2.3.1.2 or later, that dependent applications were rebuilt and re-linked against it, and that running processes have been restarted. If a reproducing profile is available, re-run it against the updated build (in a sandbox) and confirm it no longer crashes.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes (SIGSEGV, SIGABRT, or sanitizer reports in instrumented builds) while loading or applying an ICC profile
  • Memory access violation errors attributed to the IccProfLib code or the application that embeds it
  • Unexpected process termination shortly after a profile upload or import

Network Indicators:

  • Unusual ICC profile uploads
  • Multiple failed processing attempts

SIEM Query:

process_name:<profile-processing application> AND (event_type:crash OR error_code:memory_access)

The field names above are placeholders to map onto your platform's schema. Replace process_name with the application that embeds IccProfLib, since iccDEV is normally linked in rather than run as its own process, and add a threshold on repeated crashes from the same source to separate a fuzzing-style campaign from a one-off bad file.
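The same logic run over host crash logs rather than a SIEM, as an added example that is not part of the original page: it picks Linux kernel segfault messages ("comm[pid]: segfault at ... ip ... sp ... error N in module[...]") out of a syslog stream, keeps those whose faulting module matches the ICC library, and raises an alert when the count crosses a threshold. The sample lines are constructed, and the module name libIccProfLib2.so is an assumption about how the embedding application links iccDEV; set module_hint to whatever your build actually produces.

```cpp
// Added example (not iccDEV code): detect crashes inside the ICC library from
// kernel segfault log lines. Module name and log lines are assumptions
// constructed for the example.
#include <regex>
#include <string>
#include <vector>

struct CrashEvent {
    std::string process;
    std::string module;
    int pid;
    int error_code;  // kernel page-fault error bits; 4 = user read, 6 = user write
};

// Parses the Linux kernel "segfault at" message format; returns false for
// any other line.
bool parse_segfault_line(const std::string& line, CrashEvent& out) {
    static const std::regex re(
        R"((\S+)\[(\d+)\]: segfault at \S+ ip \S+ sp \S+ error (\d+) in ([^\[\s]+)\[)");
    std::smatch m;
    if (!std::regex_search(line, m, re)) return false;
    out.process    = m[1].str();
    out.pid        = std::stoi(m[2].str());
    out.error_code = std::stoi(m[3].str());
    out.module     = m[4].str();
    return true;
}

// Keeps only crashes whose faulting module name contains module_hint.
std::vector<CrashEvent> find_icc_crashes(const std::vector<std::string>& lines,
                                         const std::string& module_hint) {
    std::vector<CrashEvent> hits;
    for (const std::string& line : lines) {
        CrashEvent ev;
        if (parse_segfault_line(line, ev) && ev.module.find(module_hint) != std::string::npos)
            hits.push_back(ev);
    }
    return hits;
}

// Alert when the ICC library has crashed at least `threshold` times in the
// window covered by `lines`; a single crash is usually just a bad file.
bool should_alert(const std::vector<std::string>& lines, const std::string& module_hint,
                  size_t threshold) {
    return find_icc_crashes(lines, module_hint).size() >= threshold;
}

// Constructed sample log lines (not captured from a real system).
const std::vector<std::string> kSampleLog = {
    "Jan 10 09:14:02 host kernel: imgworker[4321]: segfault at 0 ip 00007f2a1c0b3e40 "
    "sp 00007ffd3b1c9d10 error 4 in libIccProfLib2.so.2.3.1.1[7f2a1c07a000+1c5000]",
    "Jan 10 09:14:05 host imgworker[4322]: profile upload accepted: 3 files",
    "Jan 10 09:14:31 host kernel: imgworker[4390]: segfault at 10 ip 00007f9b2e4c1a12 "
    "sp 00007ffe12a4c8f0 error 6 in libIccProfLib2.so.2.3.1.1[7f9b2e488000+1c5000]",
    "Jan 10 09:16:00 host kernel: thumbnailer[5102]: segfault at 0 ip 00007f11aa0d2c00 "
    "sp 00007ffc0a3b1e20 error 4 in libpng16.so.16[7f11aa0b0000+4a000]",
};
```

Two crashes in libIccProfLib2 within a couple of minutes from the same worker is the pattern to page on; the libpng crash is parsed but filtered out by the module hint, which keeps unrelated image-decoder faults out of this alert.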

🔗 References

  • Vendor advisory GHSA-m6gx-93cp-4855: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-m6gx-93cp-4855
