CVE-2026-24411
BaseFortify
Publication date: 2026-01-24
Last updated on: 2026-01-30
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| color | iccdev | < 2.3.1.2 (2.3.1.2 itself is fixed; 2.3.1.1 and earlier are affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-758 | The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-690 | The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
In iccDEV versions 2.3.1.1 and earlier, CIccTagXmlSegmentedCurve::ToXml() handles data taken from a user-supplied ICC profile unsafely. While converting the profile to XML it downcasts a pointer to a derived type that the underlying object is not actually an instance of. That is undefined behaviour (type confusion): the program then reads and calls through the object as if it had a layout it does not have, which produces runtime errors and can corrupt memory. An attacker only needs to get a crafted ICC profile processed by the library to trigger it. [2, 3]
How can this vulnerability impact me?
The demonstrated effect is a crash of the process converting the profile, i.e. denial of service, so anything that accepts untrusted ICC profiles (image pipelines, colour-management tooling, services that convert uploaded profiles) is exposed. Because the confused object is accessed through the wrong type, memory corruption and, in the worst case, code execution inside the native library cannot be ruled out; note, however, that the reproducer referenced on this page demonstrates the runtime error, not code execution. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is a flaw in a library, so it is found on hosts rather than on the wire: inventory the systems and software that bundle iccDEV (the iccToXml tool and anything linked against the library) and compare the version with 2.3.1.2. To confirm on a host, run the reproducer from the advisory against a build of iccToXml compiled with UndefinedBehaviorSanitizer, for example on Linux: `iccToXml undefined-behavior-type-confusion-runtime-error-CIccSegmentedCurveXmlIccLibXML-IccTagXml_cpp-Line3094.icc`. A vulnerable build prints a UBSan "runtime error" report pointing into IccTagXml.cpp. A non-instrumented release build may not crash at all on the same input, so the absence of a crash there is not evidence that the fix is present. Monitoring logs for such sanitizer reports, or for iccToXml crashes, during profile processing gives the same signal. [2]
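The two checks described above (is the installed version below the fixed one, and did a sanitizer-instrumented iccToXml report the bad downcast) as a small POSIX sh helper. This is an added example, not part of the advisory or of iccDEV; it assumes the version string is dotted and numeric, that iccToXml was built with -fsanitize=undefined, and the sample sanitizer output is constructed here to show the shape of the report (file, line and message will differ on a real run).

```shell
#!/bin/sh
# Added triage helper for CVE-2026-24411 (example code, not the project's own).
# Assumes: dotted numeric version strings, and an iccToXml built with
# -fsanitize=undefined so that the bad downcast is reported on stderr.

FIXED_VERSION="2.3.1.2"   # first version carrying the fix, per the advisory

# vercmp A B: print -1, 0 or 1 for A<B, A==B, A>B. Fields are compared as
# integers; a missing trailing field counts as 0, so 2.3.1 == 2.3.1.0.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # drop the field just consumed; with no dot left, nothing remains
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return 0; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# is_vulnerable_version V: exit 0 if V is below the fixed version, else 1.
is_vulnerable_version() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# ubsan_hits: read sanitizer output on stdin and print only the runtime-error
# lines that point into IccTagXml.cpp, the file named in the advisory's
# reproducer. Exit 0 if at least one such line was found, 1 otherwise.
ubsan_hits() {
    grep 'runtime error:' | grep 'IccTagXml.cpp'
}

# Constructed sample of what a -fsanitize=vptr build prints for a bad
# downcast (address, column and type names are made up for illustration).
constructed_ubsan_output() {
    cat <<'EOF'
Profile read OK
IccTagXml.cpp:3094:5: runtime error: downcast of address 0x5555556a1230 which does not point to an object of type 'CIccSegmentedCurveXml'
0x5555556a1230: note: object is of type 'CIccSegmentedCurve'
EOF
}

# Usage against a real build (not executed here):
#   iccToXml crafted.icc 2>&1 | ubsan_hits && echo "VULNERABLE: bad downcast reported"
#   is_vulnerable_version "$(installed_version)" && echo "upgrade to $FIXED_VERSION"
```

The version comparison deliberately avoids `sort -V`, which is a GNU extension and not available on every minimal image where a containerised converter might run.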
What immediate steps should I take to mitigate this vulnerability?
Upgrade iccDEV to version 2.3.1.2 or later. The fix replaces the unsafe pointer cast in CIccTagXmlSegmentedCurve::ToXml() with construction of an object of the correct type. No workaround is published, so updating is the only complete remedy; until you can update, avoid converting ICC profiles from untrusted sources to XML with an unpatched build. [1, 3]
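The pattern below is an added illustration and not iccDEV's code: SegmentedCurve and SegmentedCurveXml are hypothetical stand-ins for the curve classes, and ToXmlUnchecked, ToXmlChecked and ToXmlConstructed are invented names. It puts the unsafe static_cast downcast that the explanation of the vulnerability describes next to two safe forms: a dynamic_cast whose null result is checked (the CWE-690 and CWE-476 entries listed above), and construction of a correctly typed object from the base object's data, which is the shape of fix the mitigation answer reports.

```cpp
#include <cstdio>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical base type: a segmented curve described by its break points.
class SegmentedCurve {
public:
    explicit SegmentedCurve(std::vector<float> breaks) : m_breaks(std::move(breaks)) {}
    virtual ~SegmentedCurve() = default;
    const std::vector<float>& breaks() const { return m_breaks; }
private:
    std::vector<float> m_breaks;
};

// Hypothetical derived type that adds XML serialisation and extra state.
// The extra member is what makes a bogus downcast dangerous: through a
// SegmentedCurveXml* that really points at a SegmentedCurve, m_indent lies
// past the end of the object that was actually allocated.
class SegmentedCurveXml : public SegmentedCurve {
public:
    explicit SegmentedCurveXml(const SegmentedCurve& c, std::string indent = "  ")
        : SegmentedCurve(c.breaks()), m_indent(std::move(indent)) {}

    std::string ToXml() const {
        std::ostringstream out;
        out << m_indent << "<SegmentedCurve>\n";
        for (float b : breaks())
            out << m_indent << "  <Break>" << b << "</Break>\n";
        out << m_indent << "</SegmentedCurve>\n";
        return out.str();
    }
private:
    std::string m_indent;
};

// BEFORE: the pattern the advisory describes. The caller assumes the curve
// held by the tag is the XML subclass and casts without checking. When the
// profile yielded a plain SegmentedCurve this is type confusion (undefined
// behaviour): -fsanitize=vptr reports it, a release build silently misreads
// memory. Kept for contrast only and never called in this example.
std::string ToXmlUnchecked(const SegmentedCurve* pCurve) {
    const SegmentedCurveXml* pXml = static_cast<const SegmentedCurveXml*>(pCurve);
    return pXml->ToXml();
}

// AFTER (a): ask for the dynamic type and refuse when it is not the one
// needed. dynamic_cast returns nullptr on mismatch, and that result must be
// checked before use (otherwise CWE-690 leading to CWE-476).
bool ToXmlChecked(const SegmentedCurve* pCurve, std::string& xml) {
    const SegmentedCurveXml* pXml = dynamic_cast<const SegmentedCurveXml*>(pCurve);
    if (pXml == nullptr)
        return false;
    xml = pXml->ToXml();
    return true;
}

// AFTER (b): the shape of fix reported for 2.3.1.2, "proper object
// construction": build a real SegmentedCurveXml from the base object's data
// instead of pretending the base object already is one. Works for any curve.
std::string ToXmlConstructed(const SegmentedCurve& curve) {
    SegmentedCurveXml xmlCurve(curve);
    return xmlCurve.ToXml();
}

int main() {
    // Constructed input standing in for a curve parsed out of an ICC profile.
    SegmentedCurve plain({0.0f, 0.5f, 1.0f});
    std::string xml;
    std::printf("checked cast on a plain curve succeeds: %s\n",
                ToXmlChecked(&plain, xml) ? "yes" : "no");
    std::printf("%s", ToXmlConstructed(plain).c_str());
    return 0;
}
```

Form (b) is the more robust of the two because it never depends on what the parser happened to instantiate; form (a) is the minimal change when the derived object is genuinely required and a plain curve should be rejected rather than serialised.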