PT-2026-5226 · Iccdev · Iccdev

Xsscx · Published 2026-01-28 · Updated 2026-01-29 · CVE-2026-24856

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2

Description: iccDEV is a set of libraries and tools for interacting with ICC color management profiles. In versions prior to 2.3.1.2, parsing ICC profile XML data can convert a floating-point NaN value into an unsigned short integer. In C and C++ the conversion of a NaN (or any out-of-range floating-point value) to an integer type is undefined behavior, so the result is not merely a wrong number: the compiler is free to assume the case never occurs, and the value that reaches later code is unpredictable. This can lead to memory corruption and potential arbitrary code execution. The issue arises from unsafe handling of user-controllable input incorporated into ICC profile data, creating ICC Profile Injection vulnerabilities. The CVSS vector (AV:L, UI:R) reflects that the attacker must get a victim to process a crafted profile or profile XML; no privileges are required beyond that.

Recommendations: Update to iccDEV version 2.3.1.2 or later. Until the update is applied, treat ICC profile XML from untrusted sources as hostile input and avoid processing it.
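The cast at the heart of this advisory, shown as an added example rather than iccDEV's own code: a bare floating-point to unsigned-short conversion beside a hardened version that rejects NaN and infinities and range-checks before casting. The type alias `Uint16`, the function names, the `ConvStatus` enum and the sample attribute strings are assumptions made for this illustration; iccDEV's real type names and XML parsing code are not reproduced here.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <string>

// 16-bit unsigned ICC field type. Hypothetical alias for the illustration; iccDEV's
// own typedef names are not reproduced here.
using Uint16 = std::uint16_t;

// Outcome of converting a floating-point value taken from profile XML into a 16-bit field.
enum class ConvStatus { Ok, NotANumber, OutOfRange, NotNumeric };

struct ConvResult {
    ConvStatus status;
    Uint16 value;  // valid only when status == ConvStatus::Ok
};

// The pattern the advisory describes: a bare cast from floating point to unsigned short.
// In C and C++ this conversion is undefined behavior whenever the value is NaN, infinite,
// or outside [0, 65535]; the compiler may assume it never happens. Shown for contrast
// only and never called here.
Uint16 unsafeToUint16(double v) {
    return static_cast<Uint16>(v);
}

// Hardened conversion: reject NaN and infinities, then prove the truncated value fits
// before casting, so the cast itself is always defined.
ConvResult safeToUint16(double v) {
    if (std::isnan(v)) return {ConvStatus::NotANumber, 0};
    if (!std::isfinite(v)) return {ConvStatus::OutOfRange, 0};
    const double t = std::trunc(v);  // truncate toward zero, as the cast would
    const double hi = static_cast<double>(std::numeric_limits<Uint16>::max());
    if (t < 0.0 || t > hi) return {ConvStatus::OutOfRange, 0};
    return {ConvStatus::Ok, static_cast<Uint16>(t)};
}

// Parse one XML attribute string (e.g. "512", "3.75", "nan", "1e99") into a 16-bit field.
// strtod happily accepts "nan", "inf" and huge magnitudes, which is exactly why the
// range check must sit between the parser and the cast.
ConvResult parseXmlUint16(const std::string &text) {
    const char *begin = text.c_str();
    char *end = nullptr;
    const double v = std::strtod(begin, &end);
    if (end == begin || *end != '\0') return {ConvStatus::NotNumeric, 0};
    return safeToUint16(v);
}

int main() {
    // Constructed sample attribute values, including the NaN case from the advisory.
    const char *samples[] = {"512", "3.75", "nan", "-nan", "inf", "65536", "-1", "1e99", "abc"};
    for (const char *s : samples) {
        const ConvResult r = parseXmlUint16(s);
        const char *label =
            r.status == ConvStatus::Ok ? "ok"
            : r.status == ConvStatus::NotANumber ? "rejected: NaN"
            : r.status == ConvStatus::OutOfRange ? "rejected: out of range"
            : "rejected: not numeric";
        std::printf("%-8s -> %s", s, label);
        if (r.status == ConvStatus::Ok) std::printf(" (%u)", static_cast<unsigned>(r.value));
        std::printf("\n");
    }
    return 0;
}
```

The order of the checks is the point: `std::isnan` must come first because NaN compares false against every bound, so a plain `v < 0 || v > 65535` test lets NaN through to the cast unchanged. Building with `-fsanitize=float-cast-overflow` (UBSan) flags the unsafe form at run time when fed a NaN or out-of-range input.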

Exploit · Fix · Incorrect Type Conversion or Cast · RCE

Weakness Enumeration: Incorrect Type Conversion or Cast (CWE-704)

Related Identifiers

CVE-2026-24856
GHSA-w585-cv3v-c396

Affected Products

Iccdev