PT-2026-4546 · Iccdev · Iccdev

Xsscx · Published 2026-01-24 · Updated 2026-01-25 · CVE-2026-24404

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

iccDEV versions prior to 2.3.1.2

Description

The iccDEV library contains a flaw in the CIccXmlArrayType() function that can lead to a Null Pointer Dereference and Undefined Behavior. This happens when user-controlled input is used in ICC profile data or other binary structures. Successful exploitation could allow an attacker to cause a denial of service, manipulate data, bypass application logic, and potentially achieve code execution.

Recommendations

Update to version 2.3.1.2 or later.

Exploit

Fix

DoS

NULL Pointer Dereference

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-24404
GHSA-HQFG-45JP-HP9F

Affected Products

Iccdev