CVE-2026-24409

Name of the Vulnerable Software and Affected Versions iccDEV versions 2.3.1.1 and below

Description iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below contain Undefined Behavior and a Null Pointer Deference in the CIccTagXmlFloatNum<>::ParseXml() function. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform Denial of Service (DoS), manipulate data, bypass application logic, and potentially achieve Code Execution.

Recommendations Update to version 2.3.1.2 or later.