CVE-2026-24405
BaseFortify
Publication date: 2026-01-24
Last updated on: 2026-01-30
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | up to 2.3.1.2 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24405 is a heap buffer overflow vulnerability in the function CIccMpeCalculator::Read() of the iccDEV package (versions 2.3.1.1 and below). It occurs when user-controllable input is unsafely processed as ICC profile data, which are structured binary blobs. Malformed or malicious ICC profile data can manipulate internal offsets, length fields, or tag tables, causing memory corruption or parsing errors. This can lead to denial of service, bypassing application logic, or even arbitrary code execution. The vulnerability arises from improper input validation and unchecked memory allocation when reading subelements, which was fixed by limiting the maximum number of subelements processed. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to cause a denial of service (crash) of applications using the vulnerable iccDEV library, manipulate data by bypassing application logic relying on ICC profile metadata, or potentially execute arbitrary code on your system. Since the attack vector is network-based and requires no privileges, an attacker could exploit this by providing malicious ICC profile data, leading to serious confidentiality, integrity, and availability impacts. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the processing of ICC profile data, especially when using tools like iccToXml that parse ICC profiles. AddressSanitizer was used to detect the heap-buffer-overflow during execution of iccToXml, which indicates that running iccToXml on suspicious or untrusted ICC profiles with AddressSanitizer enabled can help detect exploitation attempts. Specific commands would include running iccToXml under AddressSanitizer, for example: `ASAN_OPTIONS=detect_stack_use_after_return=1 ./iccToXml suspicious_profile.icc`. Additionally, monitoring for crashes or abnormal behavior in applications processing ICC profiles may indicate exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the iccDEV package to version 2.3.1.2 or later, where the vulnerability has been fixed by adding a limit on the number of subelements processed to prevent excessive memory allocation and overflow. There are no workarounds provided, so updating to the patched version is essential. Avoid processing untrusted or malformed ICC profiles until the update is applied. [1, 2]
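The fix class described above, bounding a declared sub-element count before anything is allocated or copied, as an added C example. This is a constructed illustration and not iccDEV's code: the entry layout, the MAX_SUBELEMENTS cap, the status codes and the sample blobs are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical layout and limits: constructed for this example, not iccDEV's. */
#define MAX_SUBELEMENTS 1024u   /* cap on the declared count, the fix class named above */
#define ENTRY_SIZE 8u           /* one entry: 4-byte offset + 4-byte size */

enum read_status { READ_OK = 0, READ_TRUNCATED, READ_TOO_MANY, READ_BAD_LENGTH, READ_NOMEM };
struct subelement { uint32_t offset; uint32_t size; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse a count-prefixed table of sub-element entries from an untrusted blob.
 * All checks run on the declared count before anything is allocated or copied;
 * on success *out is a malloc'd array of *n_out entries that the caller frees. */
enum read_status read_subelements(const uint8_t *buf, size_t len,
                                  struct subelement **out, uint32_t *n_out)
{
    *out = NULL; *n_out = 0;
    if (len < 4) return READ_TRUNCATED;
    uint32_t count = be32(buf);
    if (count > MAX_SUBELEMENTS) return READ_TOO_MANY;                /* bound the count */
    if ((size_t)count * ENTRY_SIZE > len - 4) return READ_BAD_LENGTH;  /* table must fit; count is bounded, so no wrap */
    struct subelement *tab = calloc(count ? count : 1, sizeof *tab);
    if (!tab) return READ_NOMEM;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 4 + (size_t)i * ENTRY_SIZE;
        tab[i].offset = be32(e);
        tab[i].size = be32(e + 4);
    }
    *out = tab; *n_out = count;
    return READ_OK;
}

/* Constructed sample blobs (not real ICC data). */
static const uint8_t SAMPLE_OK[]    = {0,0,0,2, 0,0,0,16, 0,0,0,8, 0,0,0,24, 0,0,0,4};
static const uint8_t SAMPLE_HUGE[]  = {0xFF,0xFF,0xFF,0xFF, 0,0,0,0, 0,0,0,0};
static const uint8_t SAMPLE_SHORT[] = {0,0,0,3, 0,0,0,16, 0,0,0,8}; /* claims 3, carries 1 */

/* Helper: parse one blob, report its status, and return the entry count via *n_out. */
enum read_status run_sample(const uint8_t *buf, size_t len, uint32_t *n_out) {
    struct subelement *tab;
    enum read_status st = read_subelements(buf, len, &tab, n_out);
    free(tab);  /* free(NULL) is a no-op */
    return st;
}
```

The two rejected samples are the shapes a malformed profile would take: a count that exceeds the cap, and a count that does not match the bytes actually present.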