CVE-2026-24856

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in iccDEV library versions before 2.3.1.2 allows arbitrary code execution when processing malicious ICC color profiles. This affects any application using iccDEV for ICC profile parsing, particularly those handling user-uploaded or untrusted profile data. The vulnerability stems from undefined behavior when converting floating-point NaN values to unsigned short integers during XML parsing.
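To make the root cause concrete, here is an added example (not iccDEV's code; the function names are hypothetical) showing the float-to-unsigned-short conversion done as a checked conversion that rejects NaN, infinities and out-of-range values before the cast, the defensive pattern that removes the undefined behaviour described above:

```cpp
#include <cerrno>
#include <cmath>
#include <cstdlib>
#include <limits>
#include <optional>
#include <string>

// Hypothetical helpers, not iccDEV's code. In C and C++ a floating-point to
// integer conversion is undefined behaviour when the value is NaN, infinite,
// or outside the destination type's range after truncation. A parser that
// does `static_cast<unsigned short>(value)` on an attacker-controlled number
// therefore has no defined result for "nan"; this is the defect class the
// advisory describes. The checked version below refuses such inputs.

// Convert a double to unsigned short only when the conversion is defined;
// returns std::nullopt for NaN, +/-inf, negative or out-of-range values.
std::optional<unsigned short> checked_to_ushort(double v) {
    if (std::isnan(v) || std::isinf(v)) {
        return std::nullopt;
    }
    // Integer conversion truncates toward zero, so validate the truncated value.
    const double t = std::trunc(v);
    const double lo = 0.0;
    const double hi = static_cast<double>(std::numeric_limits<unsigned short>::max());
    if (t < lo || t > hi) {
        return std::nullopt;
    }
    return static_cast<unsigned short>(t);
}

// Parse a numeric token as it might appear in an XML attribute or element
// text, then apply the checked conversion. strtod accepts "nan" and "inf"
// spellings, so a lexically valid token can still be rejected here.
std::optional<unsigned short> parse_ushort_field(const std::string& text) {
    const char* begin = text.c_str();
    char* end = nullptr;
    errno = 0;
    const double v = std::strtod(begin, &end);
    // Reject empty input, trailing garbage and overflow/underflow reports.
    if (end == begin || *end != '\0' || errno == ERANGE) {
        return std::nullopt;
    }
    return checked_to_ushort(v);
}
```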

💻 Affected Systems

Products:
  • iccDEV library
  • Applications using iccDEV for ICC profile processing
Versions: All versions prior to 2.3.1.2
Operating Systems: All platforms where iccDEV is used
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing ICC profiles containing floating-point NaN values in XML data.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application using iccDEV, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated

No impact if proper input validation and sandboxing prevent malicious profile processing.

🌐 Internet-Facing: HIGH if applications process user-uploaded ICC profiles without validation.
🏢 Internal Only: MEDIUM if internal systems process untrusted ICC profiles from external sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious ICC profiles with specific NaN values. No public exploits available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1.2

Vendor Advisory: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-w585-cv3v-c396

Restart Required: Yes

Instructions:

1. Update iccDEV to version 2.3.1.2 or later.
2. Rebuild any applications using iccDEV.
3. Restart affected services.

🔧 Temporary Workarounds

No known workarounds

The advisory states no workarounds are available. Input validation may help but doesn't address the core vulnerability.

🧯 If You Can't Patch

  • Disable ICC profile processing in affected applications if possible
  • Implement strict input validation and sandboxing for ICC profile handling

🔍 How to Verify

Check if Vulnerable:

Check if applications use iccDEV version <2.3.1.2 via dependency checking or version strings.

Check Version:

Check library version in build configuration or runtime version information

Verify Fix Applied:

Verify iccDEV version is 2.3.1.2 or higher and applications have been rebuilt with the updated library.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during ICC profile processing
  • Memory access violation errors

Network Indicators:

  • Unusual ICC profile uploads or transfers

SIEM Query:

Search for application crashes with iccDEV or ICC profile processing in error logs
