Home > Vulnerability Database > CVE-2026-24411

Mend.io Vulnerability Database

CVE-2026-24411

Good to know:

Date: January 23, 2026

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Severity Score

7.1

Related Resources (5)

Url: https://github.com/InternationalColorConsortium/iccDEV/issues/499

Url: https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x53f-7h27-9fc8

Url: https://github.com/InternationalColorConsortium/iccDEV/commit/d6d6f51a999d4266ec09347cac7e0930d6e02eec

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-24411

Url: https://www.mend.io/vulnerability-database/CVE-2026-24411

Severity Score

7.1

Weakness Type (CWE)

Improper Input Validation

CWE-20

NULL Pointer Dereference

CWE-476

Unchecked Return Value to NULL Pointer Dereference

CWE-690

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

CWE-758

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-24411

Good to know:

Date: January 23, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?