CVE-2026-24409

iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml()

CVSS 7.1 HIGHEPSS 0.3%CWE-20 CWE-476 CWE-690 CWE-758

In short

A flaw in iccDEV's color profile parser allows attackers to crash the application or potentially execute code by sending malformed color profile data. The parser doesn't properly validate input when processing certain XML elements in ICC profiles.

Technical detail

CIccTagXmlFloatNum<>::ParseXml() fails to validate user-supplied input, leading to null pointer dereference and undefined behavior when processing malformed ICC profile XML data. An attacker can provide specially crafted profiles to trigger denial of service, data corruption, logic bypass, or code execution; patch available in version 2.3.1.2.

Summary generated and translated by AI from the official description.

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Affected products

InternationalColorConsortium · iccDEV

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/InternationalColorConsortium/iccDEV/commit/9f134c44895edd2edca4bcb97e15c0ba9aa77382 https://github.com/InternationalColorConsortium/iccDEV/issues/484 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-398v-jvcg-p8f3