PT-2026-4549 · Iccdev · Iccdev

Xsscx · Published 2026-01-24 · Updated 2026-01-25 · CVE-2026-24407

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

iccDEV versions prior to 2.3.1.2

Description

The iccDEV software, which provides libraries and tools for interacting with ICC color management profiles, contains an issue in the icSigCalcOp() function. User-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs, leading to undefined behavior. Successful exploitation could result in denial of service, data manipulation, bypassing application logic, and potentially code execution.

Recommendations

Update to version 2.3.1.2 or later.

Exploit · Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

CVE-2026-24407
GHSA-M6GX-93CP-4855

Affected Products

Iccdev