Vulnerability Description
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data unsafely. Tampering with tag tables, offsets, or size fields can trigger parsing errors, memory corruption, or DoS, potentially enabling arbitrary Code Execution or bypassing application logic. This issue has been fixed in version 2.3.1.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Color | Iccdev | < 2.3.1.2 |
Related Weaknesses (CWE)
References
- https://github.com/InternationalColorConsortium/iccDEV/commits/d993997005449a0a6Patch
- https://github.com/InternationalColorConsortium/iccDEV/issues/505ExploitIssue Tracking
- https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-PatchVendor Advisory
FAQ
What is CVE-2026-24403?
CVE-2026-24403 is a vulnerability with a CVSS score of 7.1 (HIGH). iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidat...
How severe is CVE-2026-24403?
CVE-2026-24403 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-24403?
Check the references section above for vendor advisories and patch information. Affected products include: Color Iccdev.