CVE-2026-24411 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Be…
High CVSS: 7.1

CVE-2026-24411

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.
Vendor
Color
Product
Iccdev
CWE
CWE-20
Yayın Tarihi
2026-01-24 02:15:49
Güncelleme
2026-01-30 18:25:00
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-20 Iccdev HIGH Color 2026

Referanslar

https://github.com/InternationalColorConsortium/iccDEV/commit/d6d6f51a999d4266ec09347cac7e0930d6e02eec https://github.com/InternationalColorConsortium/iccDEV/issues/499 https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x53f-7h27-9fc8