iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data unsafely. Tampering with tag tables, offsets, or size fields can trigger parsing errors, memory corruption, or DoS, potentially enabling arbitrary Code Execution or bypassing application logic. This issue has been fixed in version 2.3.1.2.

Basic Information

ID CVE-2026-24403

Source GitHub_M

Published Jan 24, 2026 at 00:46

Affected Product

Vendor InternationalColorConsortium

Product iccDEV

Version < 2.3.1.2

Affected Versions InternationalColorConsortium iccDEV < 2.3.1.2

CWE Classification

CWE-20 CWE-190

References

{
    "lastseen": "",
    "description": "iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data unsafely. Tampering with tag tables, offsets, or size fields can trigger parsing errors, memory corruption, or DoS, potentially enabling arbitrary Code Execution or bypassing application logic. This issue has been fixed in version 2.3.1.2.",
    "published": "2026-01-24T00:46:14.018Z",
    "modified": "2026-01-24T00:46:14.018Z",
    "type": "cve",
    "title": "iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow",
    "source": "GitHub_M",
    "references": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-ph33-qp8j-5q34\nhttps://github.com/InternationalColorConsortium/iccDEV/issues/505\nhttps://github.com/InternationalColorConsortium/iccDEV/commits/d993997005449a0a6958e65b057bd25e17dff89",
    "id": "CVE-2026-24403",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-190"
    ],
    "cvelist": null,
    "sourceData": "InternationalColorConsortium iccDEV < 2.3.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iccDEV",
    "version": "< 2.3.1.2",
    "vendor": "InternationalColorConsortium",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow_CVE-2026-24403