CVE-2026-24405 in iccDEVinformação

Sumário

de MITRE • 24/01/2026

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsável

GitHub M

Reservar

22/01/2026

Divulgação

24/01/2026

Moderação

aceite

Entrada

VDB-342784

CPE

pronto

EPSS

0.00524

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!